Frontless handles business-critical operations data: client records, invoices, email content, and workflow state. Here's exactly how we protect it.
All data is stored in PostgreSQL with AES-256 encryption at rest via cloud-native encryption (AWS KMS / GCP KMS). OAuth tokens receive an additional layer of AES-256-GCM encryption with per-workspace keys backed by a hardware security module (HSM) key hierarchy. Tokens are decrypted only at the moment of API calls and never exposed to client-side code or the LLM.
All connections use TLS 1.3 (minimum 1.2). This covers browser-to-server, server-to-database, server-to-email-provider, and server-to-LLM API traffic. There are no plaintext code paths in production.
Database backups are encrypted with a separate backup key and stored with offline key escrow. Backup encryption is independent of the primary database encryption.
Passwords are hashed with bcrypt (10 salt rounds). Plaintext passwords are never stored, logged, or included in error messages. Minimum length is enforced at registration. Rate limiting protects authentication endpoints against brute-force attacks.
Sessions use cryptographically random tokens stored server-side. Session cookies are HttpOnly (cannot be read by JavaScript), Secure (transmitted only over HTTPS), and SameSite (CSRF protection). Sessions expire after 7 days with rotation on validated requests.
All accounts require email verification before access. Freemail providers (Gmail, Outlook, Yahoo, etc.) are blocked at registration so that only business accounts are created.
Frontless is a multi-tenant application with strict workspace isolation. Every database query is scoped to the authenticated user's workspace via a mandatory tenant_id parameter; there is no mechanism for cross-tenant data access in the application layer.
Row-level security (RLS) policies in PostgreSQL provide defense-in-depth: even if application code is bypassed, the database itself enforces tenant boundaries. Enterprise customers can opt for dedicated database instances for full physical isolation.
Every state-changing operation is logged in an append-only event table: record creates, updates, deletes, schema changes, rule executions, workflow transitions, and email actions. Each event includes the actor, timestamp, action type, and full before/after snapshots of affected data.
Audit logs are immutable: they cannot be modified or deleted after creation. Users can query the event log through conversation ("show the last 20 changes"), undo operations via the audit trail, and export events for external compliance systems.
Example event:

workspace_id: tenant-001
event_id: evt-00847
actor: jane@acme.com
action: update_record
entity: Invoice
record_id: INV-0089
before: { "status": "pending" }
after: { "status": "paid" }
timestamp: 2026-02-21T14:32:01Z

Frontless uses the Anthropic Claude API for natural language understanding: interpreting user intent, generating structured operation plans, and classifying incoming email. The LLM proposes actions; the deterministic command engine validates and executes them. The AI never writes directly to your data.
All AI providers are selected for their API data policies. Inputs and outputs sent to the Claude API are not used for model training and are not retained beyond standard API processing windows. We do not fine-tune or train any models on customer data.
OAuth tokens and encrypted credentials are never sent to the LLM. Email content is truncated to essential context before classification. The LLM receives workspace schema and relevant record context, not bulk data exports. Enterprise customers can opt for zero-data-retention LLM configurations.
Frontless follows a strict "LLM proposes, engine executes" architecture. The AI generates a structured operation plan (JSON). The command engine then validates every operation against the workspace schema, checks required fields, enforces type constraints, verifies permissions, and logs events, all before any data is written.
If validation fails, the operation is rejected with a clear error and no data changes. This means AI hallucinations or malformed outputs cannot corrupt your data. Every operation is also reversible via the undo system.
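The "LLM proposes, engine executes" flow described above, as an added example that is not Frontless code: a minimal command engine that parses a JSON operation plan, validates every operation against a workspace schema and the actor's permissions before any write, rejects the whole plan on the first failure (so a hallucinated field or unauthorized action changes nothing), and appends a before/after audit event for each write it does apply. The schema, permission model, plan format and sample records are assumptions constructed for this example.

```python
import json

# Assumed workspace schema (constructed for this example): entity -> field types and required fields.
SCHEMA = {"Invoice": {"fields": {"status": str, "amount": float}, "required": {"status", "amount"}}}
# Assumed permission model: actor -> allowed (action, entity) pairs.
PERMISSIONS = {"jane@acme.com": {("update_record", "Invoice"), ("create_record", "Invoice")}}
# Constructed sample records keyed by (entity, record_id).
STORE = {("Invoice", "INV-0089"): {"status": "pending", "amount": 120.0}}


class PlanRejected(Exception):
    """Raised on the first invalid operation; the whole plan is dropped with no writes."""


def validate(plan, actor, store):
    """Check every proposed operation before anything is written (all-or-nothing)."""
    for i, op in enumerate(plan.get("operations", [])):
        action, entity, changes = op.get("action"), op.get("entity"), op.get("changes", {})
        spec = SCHEMA.get(entity)
        if spec is None:
            raise PlanRejected(f"op {i}: unknown entity {entity!r}")
        if (action, entity) not in PERMISSIONS.get(actor, set()):
            raise PlanRejected(f"op {i}: {actor} may not {action} {entity}")
        if not isinstance(op.get("record_id"), str):
            raise PlanRejected(f"op {i}: record_id must be a string")
        for name, value in changes.items():  # the LLM may hallucinate fields or types
            expected = spec["fields"].get(name)
            if expected is None:
                raise PlanRejected(f"op {i}: field {name!r} is not in the {entity} schema")
            if not isinstance(value, expected) or isinstance(value, bool):
                raise PlanRejected(f"op {i}: {name!r} must be {expected.__name__}")
        if action == "create_record":
            if missing := spec["required"] - changes.keys():
                raise PlanRejected(f"op {i}: missing required fields {sorted(missing)}")
        elif action == "update_record":
            if (entity, op["record_id"]) not in store:
                raise PlanRejected(f"op {i}: no {entity} with id {op['record_id']!r}")
        else:
            raise PlanRejected(f"op {i}: unsupported action {action!r}")


def execute(plan_json, actor, store, events):
    """Parse the LLM's JSON plan, validate it, then apply it; every write appends an audit event."""
    plan = json.loads(plan_json)
    validate(plan, actor, store)  # raises before any write happens
    for op in plan["operations"]:
        key = (op["entity"], op["record_id"])
        before = dict(store[key]) if key in store else None  # snapshot; None for a create
        store[key] = {**(before or {}), **op["changes"]}
        events.append({"actor": actor, "action": op["action"], "entity": op["entity"],
                       "record_id": op["record_id"], "before": before, "after": dict(store[key])})
    return len(plan["operations"])
```

Because validation runs over the complete plan first, a plan that mixes one valid update with one invalid operation is rejected as a unit and leaves both the records and the event list untouched.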
Email connections request the minimum OAuth scopes required. Level 1 integration is strictly read-only: Frontless cannot send, delete, or modify emails in your inbox. Outbound email capabilities (Level 3) require explicit re-authorization with additional scopes and are gated by mandatory approval workflows.
OAuth tokens are encrypted with AES-256-GCM using per-workspace keys before storage. Tokens are decrypted only during provider API calls by the integration layer and are never exposed to client-side code, the LLM, or error logs.
Full email bodies are processed in memory for classification and discarded after processing. Only metadata (sender, subject, date), the LLM-generated summary, and classification results are stored permanently. This is configurable per workspace; you can opt into full body storage if your compliance requirements demand it.
Attachment content is never downloaded or processed. Only metadata (filename, size, MIME type) is extracted. Frontless does not forward, store, or index attachment contents.
Frontless uses the following third-party services to deliver the product:
Additional AI providers may be added for availability and failover. All providers are vetted for equivalent data protection policies before integration.
If your security or procurement team needs additional details, we're happy to answer specific questions or provide documentation.