Workjet

Security

Security by architecture, not by promise

Workjet is designed so your sensitive data never has to leave your control. Credentials stay in your OS keychain, inference routes through your own gateway, and every interaction is logged immutably.

What data lives where

Workjet separates concerns so sensitive data stays under your control.

Your Device

Never leaves your machine

  • API keys in OS keychain
  • Conversation history (local)
  • Documents & uploaded files
  • Tool connections stored locally
  • Session cookies: HttpOnly + Secure + SameSite

Your Gateway

Cloud-native runtime

  • DLP/PII scanning (SSN, CC, email, phone, AWS keys, API secrets)
  • Model routing (per-tier, priority fallback)
  • Cost metering (per-model token rates)
  • Audit logging (immutable records)
  • Rate limiting (per-user & per-IP)

AI Providers

Inference only, no persistent storage

  • Inference requests only (after DLP scan)
  • No persistent storage of your data
  • Configurable provider selection
  • No raw data retention by providers

How we protect your data

Six layers of defense, from encryption to network architecture.

Encryption

TLS 1.3 for all data in transit. AES-256 at rest for documents and databases. Secure cookies with Domain scoping. Your OS keychain handles credential encryption natively.

DLP Pipeline

Real-time pattern scanning on every request. 6 built-in patterns: credit cards, SSNs, email addresses, phone numbers, AWS keys, and API secrets. Custom regex support. Actions: redact, block, or warn.
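The scan-then-act flow described above, written out as an added example (not Workjet's code). The regexes, the Luhn check on card candidates, the default action of redact, and every function and variable name are assumptions made for illustration.

```python
import re

# Assumed regexes for the six built-in categories named above (not Workjet's own).
PATTERNS = {
    "credit_card": r"\b\d(?:[ -]?\d){12,18}\b",
    "ssn": r"\b\d{3}-\d{2}-\d{4}\b",
    "email": r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+",
    "phone": r"\b\d{3}[ .-]\d{3}[ .-]\d{4}\b",
    "aws_key": r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b",
    "api_secret": r"\bwj_live_[A-Za-z0-9]{16,}\b",  # key length is an assumption
}
RANK = {"allow": 0, "warn": 1, "redact": 2, "block": 3}

def luhn_ok(candidate):
    """Card checksum; rejects digit runs (order numbers, IDs) that only look like cards."""
    digits = [int(c) for c in candidate if c.isdigit()][::-1]
    total = sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return total % 10 == 0

VALIDATORS = {"credit_card": luhn_ok}

def scan(text, policy, custom=None):
    """Return (verdict, outbound_text, findings) for one request body.

    policy maps pattern name -> "redact" | "block" | "warn"; unlisted patterns
    default to "redact" (assumed default). custom adds caller-supplied regexes.
    """
    findings, verdict = [], "allow"
    for name, regex in {**PATTERNS, **(custom or {})}.items():
        action = policy.get(name, "redact")
        valid = VALIDATORS.get(name, lambda s: True)
        def handle(m, name=name, action=action, valid=valid):
            nonlocal verdict
            if not valid(m.group()):
                return m.group()  # false positive: leave untouched
            findings.append((name, action))
            verdict = max(verdict, action, key=RANK.get)
            return f"[{name.upper()}]" if action == "redact" else m.group()
        text = re.sub(regex, handle, text)
    # A blocked request forwards nothing to the provider.
    return verdict, (None if verdict == "block" else text), findings

# Constructed sample; the AWS value is the placeholder key from AWS documentation.
SAMPLE = ("Card 4111 1111 1111 1111, order 1234 5678 9012 3456, "
          "mail alice@example.com, key AKIAIOSFODNN7EXAMPLE")

if __name__ == "__main__":
    print(scan(SAMPLE, {}))
```

The order number in the sample has the shape of a card number but fails the Luhn check, so it passes through unredacted; the findings list is what would feed the "DLP result" field of an audit record.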

Audit Trail

Every AI interaction logged: user, action, model, tokens, cost, DLP result, IP, and user agent. Stored in an immutable log with optional archival of full payloads. Filterable by action type, user, and date range. Exportable for compliance.

Credential Management

API keys hashed with SHA-256 — raw key shown once, never stored. Session tokens are HttpOnly cookies with 30-day expiry. Google OAuth for passwordless login. No plaintext secrets in any database.

Workspace Isolation

Workspace-scoped queries on every request. Role-based access control with owner, admin, and member roles. Per-workspace DLP policies, routing rules, and budget caps. No cross-workspace data leakage by design.

Network Architecture

All requests proxied through a global edge network (280+ cities). No origin server to attack. Data-plane access only via authenticated worker bindings — not public endpoints. Zero exposed infrastructure.

Authentication

How authentication works

Three authentication mechanisms, each designed for its specific use case.

Google OAuth SSO

Passwordless login for portal and marketplace users.

1. Google OAuth redirect

2. API callback → user upsert

3. Session cookie issued

4. Domain=.workjet.dev

API Keys

Programmatic access for desktop app and integrations.

  • Prefix: wj_live_*
  • Storage: SHA-256 hash at rest
  • Scope: Tenant-scoped, shown once

Cross-subdomain Sessions

Single sign-on across all Workjet subdomains.

  • portal.workjet.dev: Admin dashboard
  • marketplace.workjet.dev: Skill discovery
  • api.workjet.dev: API & gateway

Shared via Domain=.workjet.dev cookie with 30-day expiry

Have security questions?

Our team is happy to walk through our architecture and security practices in detail.