security

Your studio’s data, handled properly.

Encryption everywhere, strict per-studio isolation, and a full audit trail. Here’s exactly how Cockpit protects you and your members.

Encryption at rest

Every credential is encrypted with AES-256-GCM. Plaintext keys never leave the connector that uses them, and access is fingerprinted.

Per-studio isolation

Every database query is scoped to your studio. One studio’s data is never visible to another - multi-tenancy is enforced at the data layer, not just the UI.

OAuth, not passwords

Cockpit connects to your tools over OAuth wherever the platform supports it, so for most integrations we never see - or store - your password.

Full audit trail

Every credential access and every tool call is logged. You can see exactly what was read, by which agent, and when.

Approvals on outbound

Messages, emails and charges wait for your one-tap approval until you choose to turn on autopilot - per contact or per action type. Safety checks always run.

Data residency

Built and operated for UK studios, timezone-aware throughout. Residency and processing options for multi-site operators - talk to us.

compliance

On the path, and transparent about where we are.

We align to UK GDPR and follow least-privilege access across the platform. SOC 2 Type II is in progress. A Data Processing Agreement is available on request - read our privacy policy for how we handle member data, retention and deletion.

UK GDPR aligned
SOC 2 Type II - in progress
Least-privilege access
DPA on request