docs: add Security and Data section (Security + Data retention) #3525
Draft
palash-c wants to merge 7 commits into
…b-processors)
New /docs/security section mirroring the structure of comparable security docs:
- security/overview: posture, isolation, credential protection, Trust Center links
- security/data-retention: what's stored, 1-year retention, the Log storage / ZDR toggle
("Don't store data"), encryption scope
- security/sub-processors: which providers see payloads vs metadata; defers the
authoritative list to trust.composio.dev
Grounded in code (logVisibilitySetting, ClickHouse TTL, AES-256-GCM secret encryption).
Items needing trust-owner sign-off are marked with TRUST-OWNER comments. DRAFT.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…Center); contact sales CTA
- sub-processors page no longer names vendors; describes data-flow categories and links trust.composio.dev/subprocessors as the authoritative list (Trust Center lists 5 today; keep docs consistent + minimal)
- ZDR page CTA -> [contact sales](composio.dev/contact?utm_source=docs)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

…nd users' data
Per the GEP call: customers care about THEIR end users' data, which lives in tool-call payloads. Composio stores only the opaque user_id, never end-user identities; "Don't store data" is what keeps end users' payload data out of Composio's storage.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

…cted screenshot
- single page docs/content/docs/security-and-data.mdx (replaces the 3-page security/ folder)
- adds redacted Log-storage screenshot (project/org/email/user_id blurred; "Don't store data" highlighted) at docs/public/images/log-storage-dont-store-data.png
- nav: single "Security and Data" section, below Triggers and webhooks
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Updated: consolidated the 3 pages into a single |
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…on); no ZDR promise
- security/overview.mdx: posture, compliance/Trust Center, isolation, credential protection
- security/data-retention.mdx: what's stored, 1-year retention, the Log storage "Don't store data" option, and an honest "Where your data goes" section (data still flows to sub-processors during execution; defers the list to the Trust Center)
- frames "Don't store data" as controlling what Composio retains, not a Zero-Data-Retention guarantee; contractual ZDR is a contact-sales option only
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

…(data flow)
Disclosed low-key in the "Where your data goes" list, scoped to "if you use the workbench", deferring specifics to the Trust Center.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Adds a Security and Data docs section (below Triggers and webhooks) with two pages:
- (/docs/security/overview) — posture, compliance and the Trust Center, org/project isolation, credential protection (AES-256-GCM at rest, TLS), token redaction, webhook signing, responsibilities, and vulnerability reporting.
- (/docs/security/data-retention) — what Composio stores, 1-year retention, the per-project Log storage → "Don't store data" option (Composio keeps an audit record but does not store tool-call payloads), an honest "Where your data goes" section (data still flows to the destination provider and sub-processors during execution; links the Trust Center sub-processor list), and a contact-sales path for contractual arrangements. Includes a redacted dashboard screenshot.

Note: "Don't store data" controls what Composio retains; it is not framed as a zero-data-retention guarantee.
🤖 Generated with Claude Code