// 00Security

Control and evidence are the product — not an add-on.

Tensor does real work in your tools, so Actions run inside the approval gates you configure, scoped access, and an evidence trail you can audit. The same controls that make the agent useful are what keep it safe.

At a glance
  • Human approval on the steps you mark sensitive
  • Every Action logged, reviewable, and approval-gated
  • Workspace permissions, with RBAC + SSO/SAML on higher tiers
  • Your data — encrypted in transit, exportable, and deletable
  • Last reviewed: 2026-06-07
// 01Control model

Risky steps stop for a human — by design.

Tensor handles routine work on its own and pauses anything sensitive, costly, or unclear before it becomes final. You set where the line is, and it applies across your workflows.

Approvals where they matter

  • Routine, approved Actions run automatically.
  • Pricing, promises, refunds, and customer-facing changes gate for approval.
  • Conflicting or missing context stops instead of guessing.
  • Actions are constrained to the policy you set — designed not to send or submit outside it.

Least-privilege by default

  • The agent is designed to run only the Actions you have approved.
  • Capabilities are gated and scoped, not open-ended.
  • Browser work follows an allowed path with stop conditions.
  • Sensitive operations require an explicit, logged decision.
// 02Evidence & audit

Every Action leaves an evidence trail.

Work an agent does should be reviewable after the fact, not just in the moment. Tensor records what happened so you can audit it.

A record of every run

  • Each run logs the trigger, steps, approvals, artifacts, and outcome.
  • Admin changes are recorded — what changed, who did it, and when.
  • Completed work is reviewable, not ephemeral.

Signed, exportable audit logs

  • Configurable audit logging, from basic to standard to export.
  • Signed audit logs on Enterprise for added integrity.
  • Export the trail into your own review and reporting tools.
// 03Access & identity

Scoped access, not blanket access.

Control who can see what and who can change what — for your team and for the agent.

Team access controls

  • Workspace permissions control who can view history.
  • Role-based access (RBAC) governs who can change routing and agent settings on higher tiers.
  • SSO / SAML and SCIM provisioning on Enterprise.

Credentials stay contained

  • Stored website sign-ins live in a credential vault (Pro and Enterprise).
  • Each credential is scoped to the Actions that need it.
  • Logins are not shared across the workspace — the agent uses them only for approved browser work.
// 04Data & retention

Your data stays yours.

You decide what is kept, for how long, and when it goes. See the privacy policy for the full detail.

Ownership and portability

  • Your data is encrypted in transit, exportable, and deletable on your terms.
  • Demo data is kept separate from your real records.
  • Analytics run only with consent, with opt-in for EU, EEA, and UK visitors.

Retention you configure

  • Conversation history is configurable.
  • Recordings can be disabled entirely.
  • Transcripts and summaries are kept only as long as you choose.
// 05Deployment & assurance

Built for teams with real requirements.

Start small and expand as trust and scope grow. Higher tiers add the governance and deployment options larger teams need — compare them on pricing.

Deployment options

  • Customer-cloud / BYOC deployment available on Enterprise.
  • Advanced approval routing and RBAC for larger teams.
  • Custom SLA on Enterprise.

A security review on request

  • We focus on showable controls: approvals, access, audit logs, and retention.
  • A security review maps those controls to your requirements before rollout.
  • Request our control documentation for your vendor assessment.
// 06Questions

Security questions, answered plainly.

Can the agent act without my approval?

Only on the routine work you approve. Sensitive, costly, or unclear steps pause for a person, and you decide where that line sits.

Who can see our data?

Your data stays yours — encrypted in transit, exportable, and deletable on your terms. Workspace permissions control who on your team can view history or change settings, and demo data is kept separate from your real records.

Do you store our logins and passwords?

Stored website sign-ins live in a credential vault (on Pro and Enterprise plans), scoped to the Actions that need them, so credentials are not shared across the workspace.

Can we delete our data and control retention?

Yes. Data is exportable and deletable on your terms, and retention is configurable — recordings can be disabled and transcripts kept only as long as you choose.

What audit trail do we get?

Every Action logs its trigger, steps, approvals, artifacts, and outcome, and admin changes are recorded with who, what, and when. Audit-log export is available on Pro, and signed audit logs on Enterprise.

Where is our data processed, and what about GDPR or a DPA?

We collect analytics only with consent and offer opt-in for EU, EEA, and UK visitors — see the privacy policy for data-handling detail. Enterprise customers can deploy in their own cloud (BYOC) for data-residency control, and we will walk through sub-processors and a data processing agreement during a security review.

// 07Demo

See the controls in a live demo.

Ask to see approvals, the evidence trail, and access controls on the workflow you care about — not a generic tour.