Tenant isolation
Every operational record is scoped to a workspace, with authorization enforced server-side.
Controls for real operational data.
Operon is designed around tenant isolation, encrypted connector credentials, audit logs, validation gates, and human approval before sensitive outputs.
Audit trails
Signup, privacy acceptance, workflow transitions, review actions, and output deliveries are logged.
Human gates
Validation failures and low-confidence AI outputs route to review before downstream action.
Credential handling
Connector and output secrets are stored server-side, encrypted when an encryption key is configured, and excluded from customer diagnostics and exports.
Worker controls
Background processing endpoints support worker-secret authorization for workflow jobs, connector polling, and output delivery retries.
Browser hardening
Application responses include security headers for framing, content type sniffing, referrer policy, permissions policy, and a restrictive content security policy.