Security

Practical safeguards for Magento content automation

No fake badges, no inflated claims. Just clear controls and transparent behavior.

Credential handling

  • Store credentials encrypted at rest
  • User AI key encrypted at rest
  • Credential resolution scoped by user + store code

Application safeguards

  • Session auth with regeneration on login/logout
  • CSRF protection on mutating web forms
  • Owner-scoped data isolation
  • Dry-run review and approval layer before publish

Operational behavior

  • Dry-run mode before apply
  • Per-rule lock during run execution
  • Retry and backoff for transient integration failures
  • Deterministic fingerprint skip to avoid redundant generation

Safety in run execution

  • Unchanged-value skip to reduce unnecessary writes
  • Fingerprint cooldown skip to avoid duplicate updates
  • Permanent source fingerprint unchanged mode
  • Local compliance checks for banned phrases and patterns
  • Item-level status and reason logging for traceability
  • Rule archive state prevents accidental re-runs
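
The skip and compliance checks listed above, arranged around a single item so that every outcome carries a status and a reason for the item log. This is an added illustration, not the product's code: the 24-hour cooldown, the banned patterns, the field names and the status strings are all assumptions.

```python
import hashlib
import json
import re
import time

COOLDOWN_SECONDS = 24 * 3600  # assumed cooldown window
# Constructed sample patterns; a real deployment would load its own list.
BANNED_PATTERNS = [re.compile(p, re.I) for p in (r"\bguaranteed\b", r"\bcures?\b")]

def source_fingerprint(source: dict) -> str:
    """Deterministic SHA-256 over canonical JSON (sorted keys, fixed separators)."""
    canonical = json.dumps(source, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=False)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def pre_generation_check(source: dict, seen: dict, now: float = None) -> dict:
    """Decide before calling the AI provider. `seen` maps fingerprint -> last run time."""
    now = time.time() if now is None else now
    fp = source_fingerprint(source)
    last = seen.get(fp)
    if last is not None and now - last < COOLDOWN_SECONDS:
        return {"status": "skipped", "reason": "fingerprint_cooldown", "fingerprint": fp}
    return {"status": "generate", "reason": "new_or_expired_fingerprint", "fingerprint": fp}

def pre_write_check(current_value, generated: str, dry_run: bool) -> dict:
    """Decide before any Magento update call is made."""
    # Compliance check runs first so banned text is never written or queued.
    for pat in BANNED_PATTERNS:
        if pat.search(generated):
            return {"status": "rejected", "reason": f"banned_pattern:{pat.pattern}"}
    # Unchanged-value skip: identical text means no write is needed.
    if generated.strip() == (current_value or "").strip():
        return {"status": "skipped", "reason": "unchanged_value"}
    # Dry-run holds the change for review instead of writing it.
    if dry_run:
        return {"status": "pending_review", "reason": "dry_run"}
    return {"status": "write", "reason": "changed_value"}
```
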

Magento connection isolation

  • Per-user connection records and store code mapping
  • Paused connections are excluded from runtime resolution
  • Connection testing uses a scoped API call to /rest/V1/store/storeViews
  • Store credentials isolated from AI key storage

What this page does not claim

  • No certification claims (SOC 2, ISO, etc.) unless formally completed.
  • No implied compliance attestation beyond implemented controls.
  • No promise of zero failures in external API dependencies.

Security FAQ

Can I preview without writing to Magento?

Yes. Dry-run mode avoids Magento update calls.

Where is my AI key stored?

In encrypted storage, scoped to your user account.

Can one user access another user’s rules?

Rules, runs, and store connections are owner-scoped at query and route layers.