SECURITY

Security and Platform Trust

WellStreak is engineered for production-grade AI workforce operations, combining secure defaults, auditable actions, and controlled access patterns designed for modern SaaS teams.

Last updated: February 18, 2026

Security Architecture

WellStreak applies a tenant-isolated architecture so customer records are scoped to workspace boundaries. Application routes, subscription checks, and company-scoped data resolution are enforced before business operations execute.

The platform is designed with least-privilege principles in mind. Access paths are validated through authenticated context, role checks, and workspace ownership controls across sensitive workflows.

Identity and Access Controls

Authentication supports secure account access with provider-based login, session handling, and email verification controls. Internal authorization logic distinguishes owner, admin, member, and super admin capabilities.

For team operations, WellStreak supports controlled access management so workspace administrators can govern who can configure integrations, billing, and AI behavior settings.

Integration and Token Security

Integration secrets are stored using encrypted handling patterns and are never intended for client-side exposure. Webhook endpoints are validated with signature checks where supported, including billing and channel callbacks.

Connection testing and status visibility are built into integration flows to reduce misconfiguration risk and provide operators with clear activation state before traffic is routed.

Application Protection and Abuse Controls

API routes use rate limiting and origin validation to reduce abuse, scripted misuse, and cross-origin request risk. Security-sensitive actions are recorded into audit logs for traceability and operational review.

WellStreak continuously prioritizes secure defaults in production paths, including billing operations, admin workflows, and externally reachable integration endpoints.

Monitoring, Reporting, and Response

The platform maintains operational observability through analytics, audit trails, and workflow status telemetry. This enables faster investigation when unusual behavior or integration anomalies are detected.

If you discover a security concern, report it to support@wellstreak.io with reproduction details, the affected route, and the scope of impact. Responsible disclosure is encouraged and reviewed with priority.