Access separation
Pixilo separates owner, operator, support, and generated-store access. Tenant stores use separate databases, and support access should be short-lived and logged.
Session protection
Owner sessions use signed HttpOnly cookies, Secure cookies in production, SameSite controls, embedded expiry, and server-side revocation state. Password reset/change, email change, suspicious events, and Log out everywhere should invalidate older owner sessions.
Fresh authentication
Sensitive actions such as password changes, email changes, billing/payment changes, domain/sender changes, team invites, data export, runtime restart, and destructive operations may require a recent sign-in or step-up verification.
Secrets and payments
Pixilo does not store full card numbers, CVV codes, readable passwords, private external inboxes, external bank dashboards, or private payment-provider dashboards.
Backups
Pixilo may create local, VPS, or object-storage backups and restore drills. Backup metadata, restore evidence, and retention status help operators understand recovery readiness.
Proof artifacts
Release proof, smoke checks, screenshots, and operational reports may be uploaded to Pixilo infrastructure and exposed only through protected operator links. Old proof artifacts are subject to retention cleanup.
Logs and monitoring
Logs and monitoring should avoid secrets and raw card data. Error transport, if configured, must be redacted, bounded, optional, and failure-isolated.
Security reports
Suspected security issues should be sent to the security contact channel with enough detail to reproduce or investigate safely.Contact:security@pixilo.ai