Security Overview
Assistra applies security controls designed for a multi-tenant SaaS platform, but no platform can guarantee absolute security.
Tenant isolation
Tenant data is separated by tenant scope, authorization checks and cross-tenant access protections.
Access controls
Roles, permissions, subscription gates, rate limits, password reset protections, Google login controls and owner role safeguards help reduce account and privilege abuse.
Runtime safeguards
Webhook signature validation, secret protection, upload validation, queue safety, maintenance mode, kill switches, channel diagnostics and audit logs support safer production operations.
Credential handling
Tenants should store only the required channel credentials in Assistra, rotate provider tokens when staff access changes, and disable live sending when testing or troubleshooting unsafe channel behavior.
Shared responsibility
Tenants must protect their own staff accounts, devices, channel credentials, webhook endpoints, Meta accounts, Telegram bots, customer privacy notices and customer data practices.
Incident and support limits
Assistra may investigate security or reliability issues based on available logs, but tenants must also monitor their own provider accounts, staff devices and connected systems.