Trust center · in beta

Agents on a short leash.

Putting an autonomous agent next to your CMS is a serious ask. Here is exactly what it can do, exactly what it can't, and exactly how we prove it.

Compliance posture

- GDPR: GDPR-aligned. DPA available on request.
- SOC 2 Type II: planned (roadmap target).
- ISO 27001: under review.
- HIPAA: not in current scope.

VisibilityPro is in beta. Attestations and certifications are tracked publicly as they land. Contact us for the current DPA and sub-processor list.

The capability matrix

Capability | Default | Policy
--- | --- | ---
Read DOM of the current tab | allowed | Only the active tab, only when the panel is open, only after explicit Run audit. Never background tabs.
Probe answer engines (ChatGPT, Claude, Perplexity, Gemini, etc.) | allowed | Server-side, never from your browser. We never expose your IP to the engines we probe.
Discover your CMS & auth method | prompted | Detection runs locally. Connecting a CMS prompts the workspace owner with the exact scopes requested.
Draft a change in your CMS | prompted | Always a draft, never auto-publish. Visible side-by-side diff. Approval required.
Publish a change to your live site | blocked | Disabled by default at every plan. Enabling requires a workspace-admin signature and a typed "publish" confirmation per page.
Send marketing emails on your behalf | blocked | Not a capability. The agents have no email skill.
Read your customer data / analytics | blocked | Not a capability. We do not connect to GA, Mixpanel, Segment, or your CDP.
Train on your content | blocked | Contractually prohibited. Customer content is never used to train models — ours, sub-processors', or open releases.

Data handling

Encryption. TLS 1.3 in transit. AES-256 at rest. Per-customer encryption keys on Enterprise.

Residency. US-East default. EU residency (Frankfurt) available on Pro+. UK and APAC on Enterprise.

Retention. Audit reports retained 12 months by default; configurable from 30 days to 7 years.

Sub-processors. Current list published in our privacy policy: Railway (hosting + DB + Redis), Supabase (auth), Anthropic (LLM inference), Stripe (billing), OpenClaw (specialist LLM skill runtime; processes page content for AI auditing skills; EU region data-processing configuration). 30-day notice on changes to workspace owners by email.

Deletion. SLA: full account deletion within 30 days of request. Sub-processor purge confirmed in writing.

Agent safety

Prompt-injection defense. Every fetched DOM passes through a quarantine layer that strips and flags injection patterns before any agent reads it. Findings include the quarantine report.

Tool-use exfiltration. The lieutenant agent inspects every skill invocation for data flowing outward (URL params, image src, font src, etc.) and blocks at the boundary.

Tamper-evident audit log. Every agent decision and shipped action is hash-chained. We publish the root hash daily to a public ledger.
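As an added illustration of the hash-chained log described above (example code written for this page, not VisibilityPro's implementation): each entry commits to the previous entry's hash plus a canonical JSON encoding of its record, the last hash is the value that would be published as the daily anchor, and verification recomputes every link and reports the first entry that no longer matches. SHA-256, the all-zero genesis value and the sample events are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed starting link for an empty chain


def _entry_hash(prev_hash, record):
    """Hash the previous link together with a canonical encoding of the record."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode()).hexdigest()


def append(chain, record):
    """Append one agent decision/action to the chain and return the stored entry."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    entry = {"record": dict(record), "prev": prev_hash}
    entry["hash"] = _entry_hash(prev_hash, entry["record"])
    chain.append(entry)
    return entry


def verify(chain, published_root=None):
    """Recompute every link. Returns (ok, index of first bad entry or None).

    If the daily published root is supplied, the final hash must match it as well;
    a mismatch there is reported at index len(chain).
    """
    prev_hash = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev_hash or entry["hash"] != _entry_hash(prev_hash, entry["record"]):
            return False, i
        prev_hash = entry["hash"]
    if published_root is not None and prev_hash != published_root:
        return False, len(chain)
    return True, None


# Constructed sample events of the kind the page describes (not real log data).
SAMPLE_EVENTS = [
    {"ts": "2026-04-01T09:00:00Z", "agent": "auditor", "action": "read_dom", "tab": "active"},
    {"ts": "2026-04-01T09:00:07Z", "agent": "writer", "action": "draft_change", "page": "/pricing"},
    {"ts": "2026-04-01T09:02:30Z", "agent": "lieutenant", "action": "block_egress", "sink": "img.src"},
]


def build_sample_chain():
    chain = []
    for event in SAMPLE_EVENTS:
        append(chain, event)
    return chain


def tamper_demo():
    """Rewrite the draft entry after the fact; verification against the anchor must flag index 1."""
    chain = build_sample_chain()
    root = chain[-1]["hash"]  # what would have been published as that day's anchor
    chain[1]["record"]["action"] = "publish_change"
    return verify(chain, root)
```

Editing a record breaks its own hash, and rewriting that hash to hide the edit breaks the next entry's `prev` link, so the only way to tamper silently is to regenerate every later link and replace the anchor that has already been published.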

Red team. Continuous internal red team + quarterly external assessment. Latest report Apr 2026, on request.

Talk to security.

Request our current DPA, sub-processor list, the architecture overview or a vendor questionnaire. Formal attestations (SOC 2, ISO 27001) are on the roadmap and will be linked here once awarded.