SECURITY

Built for executive trust.

Crafted Virtue handles voice, reputation, content, social publishing, and enterprise approval data. Security is treated as a product requirement, not a back-office concern.

Last updated: May 2026

1.Security Principles

Least-privilege access

Approval-aware publishing

Secure connected-channel handling

Auditability

Enterprise isolation

Human oversight for high-risk actions

2.Discretion by architecture

Your drafts, your voice model, your data — isolated to you. Your voice data trains only your model, and drafts are visible to no one until you approve them.

3.Account and Access Security

  • Secure authentication and session management.
  • Role-aware access controls.
  • Enterprise role and permission management.
  • Optional enterprise SSO planned for advanced deployments.
  • Administrative access should be limited and logged.

4.Data Protection

Crafted Virtue should protect sensitive information at rest and in transit. User content, writing samples, connected-channel metadata, analytics, and approval logs should be handled according to appropriate security controls.

5.Connected Channels

Connected publishing channels are sensitive. Tokens and channel permissions should be stored securely, never displayed in the UI, and revocable by the user or administrator.

6.Approval and Publishing Safety

Publishing workflows should enforce approval state before content can be scheduled or sent to connected channels. High-risk, failed, or enterprise-governed content should route through additional review.

Only approved content can be published.

7.Audit Logs

Important actions should be logged, including sign-ins, content creation, content edits, approvals, publishing attempts, failed jobs, billing events, role changes, and enterprise compliance actions.

8.Enterprise Governance

  • Role-based permissions.
  • Shared approval queues.
  • Compliance archives.
  • Brand rule enforcement.
  • Export-ready reporting.
  • Multi-executive analytics with appropriate access boundaries.

9.Incident Response

Security and reliability incidents should be triaged, investigated, remediated, and documented. Users or enterprise administrators should be notified when incidents materially affect their workspace or data.

10.Responsible Disclosure

If you believe you have discovered a vulnerability, contact the Crafted Virtue team through the security contact channel. Please avoid accessing, modifying, or disclosing user data.

Questions about how Crafted Virtue handles trust, data, or AI?