Security

How we protect your site and your customers' data.

Every prompt is treated as untrusted input.

Customer prompts never reach a shell, fetch, eval, or any code-execution context. The code-modifier LLM has a strict allow-list of editable files; it cannot create files, delete files, or touch anything outside content data.

Every change is reversible.

S3 versioning is enabled on every site bucket from day one. The undo path never goes through an LLM — it's a direct version-pointer flip in DynamoDB.

Auth is industry-standard.

We use AWS Cognito with the PKCE authorization-code flow, httpOnly cookies, and JWT verification on every request; JWKS rotation is handled automatically.

Secrets are never in source.

All credentials (Bedrock, Stripe, Twilio, SES) come from AWS Secrets Manager or IAM-role-based access. The repository contains zero secrets.

Customer data is minimized.

Phone numbers and prompt text are SHA-256 hashed in our logs. The only place full prompt text lives is in the per-client DynamoDB prompt history.

Output is scanned before deploy.

Every modifier output is scanned for inline <script> tags, eval, and removal of analytics tags before the new version is committed. A visual QA pass also runs.
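A minimal sketch of a pre-commit scan of this kind, added here as an illustration and not our production code. It assumes the previous and candidate versions are available as HTML strings and that analytics tags are external scripts whose `src` contains a known marker; `ANALYTICS_MARKERS`, `ScriptCollector`, `collect` and `scan_output` are hypothetical names.

```python
import re
from html.parser import HTMLParser

ANALYTICS_MARKERS = ("analytics.example.com",)  # assumption: marker in script src
EVAL_RE = re.compile(r"\beval\s*\(")


class ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.inline, self.analytics, self.eval_hits = [], set(), 0
        self._in_inline = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = attrs.get("src") or ""
        if tag == "script" and not src:
            self.inline.append("")  # body is filled in by handle_data
            self._in_inline = True
        elif tag == "script" and any(m in src for m in ANALYTICS_MARKERS):
            self.analytics.add(src)
        # Event-handler attributes (onclick, onload, ...) can carry eval() too.
        for name, value in attrs.items():
            if name.startswith("on") and value and EVAL_RE.search(value):
                self.eval_hits += 1

    def handle_data(self, data):
        if self._in_inline:
            self.inline[-1] += data

    def handle_endtag(self, tag):
        self._in_inline = False  # inside a script body only </script> is parsed as a tag


def collect(html):
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser


def scan_output(previous_html, candidate_html):
    """Return findings; an empty list means the candidate may be committed."""
    old, new = collect(previous_html), collect(candidate_html)
    findings = ["inline-script-added" for body in new.inline if body not in old.inline]
    if new.eval_hits or any(EVAL_RE.search(body) for body in new.inline):
        findings.append("eval")
    findings += ["analytics-removed:" + s for s in sorted(old.analytics - new.analytics)]
    return findings
```

Parsing the markup instead of pattern-matching the raw text keeps ordinary words such as "medieval" in page copy from tripping the `eval` check.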

Found a security issue? Please email halim@symbolic-design.com with the subject “Security”. We respond within one business day.