Security at imaketoday

Token encryption

Every OAuth access and refresh token is encrypted at rest with AES-256-GCM before it touches the database. Tokens are decrypted only in memory at the moment a request is made to a platform.

OAuth done right

• PKCE (S256) on every OAuth 2.0 flow that supports it.
• Signed, short-lived state with a CSRF token to prevent forged callbacks.
• We request the minimum scopes each integration needs.

Agent access

MCP / CLI access uses scope-gated tokens you can revoke at any time, and every action — by you or an agent — is written to an immutable audit log.

Tenancy & isolation

Workspaces are the tenant boundary. Every query is scoped to a workspace, and role-based access control governs who can read, publish, or administer.

Reporting an issue

Found something? Please contact us — we take reports seriously and respond quickly.