Security

Overview

Security is designed into IntelliStudio from architecture through operations. The platform runs as four services (web dashboard, LiveKit voice agent, WhatsApp service, and PostgreSQL) with tenant-scoped data, encrypted credentials, and structured audit logging. Deployments are bespoke; your security requirements are scoped during onboarding.

Infrastructure

• Encryption in transit via TLS for web, API, and service traffic
• Workforce and integration credentials encrypted at rest with AES-256-GCM; secrets are not stored in plaintext in logs
• Production deployments target Azure India regions with private networking; LiveKit media routed to India/Asia regions
• The marketing site at intellistudio.ai applies CSP, HSTS, and related security headers via Next.js configuration, plus rate limiting on the demo request API
• The operator dashboard at app.intellistudio.ai uses JWT session gates, RBAC, and tenant-scoped API routes

Access control

Operator access uses JWT sessions (httpOnly cookies) with database-backed RBAC. Roles and permissions are loaded from the database per tenant, separating admin, operator, and viewer capabilities. Authentication today is email/password with JWT sessions; SSO and MFA are on the enterprise roadmap, not yet shipped in the core product.

Tenant isolation

Multi-tenant by design, with tenant_id on core entities and application-level tenant scoping. Customer agents, knowledge bases, conversations, workflows, and credentials are scoped to your organisation. Workforce tables additionally use row-level security via database migrations; application-level tenant filters enforce isolation across API routes.

Data handling

Conversation transcripts, call recordings where enabled, and uploaded knowledge documents are processed to operate your AI agents. Speech audio for STT is streamed in transit and not persisted offshore by default providers. Data retention and deletion schedules are configured per deployment. See our Privacy Policy for personal data handling on this website and in the service.

Production targets Azure India regions; LiveKit in India/Asia; India-hosted telephony and voice AI providers.

Audit & logging

• Auth event logs, credential audit trails, and tool or configuration change logging
• Agent tool invocations and WhatsApp service audit events are available for operator review
• AI cost controls via per-contact, per-agent, and per-tenant rate buckets on the WhatsApp service
• Export of audit-relevant data available for enterprise deployments on request
• Demo form submissions on this marketing site are rate-limited per client IP (5 requests per minute) with origin validation; limits apply per edge instance on serverless deploys

Incident response

We maintain an incident response process for security events affecting the platform. Enterprise customers receive defined notification timelines in their service agreement. To report a vulnerability or security concern, contact security@intellistudio.aiwith subject line "Security".

Contact

For security questionnaires, penetration test coordination, or compliance documentation requests, email security@intellistudio.ai.IntelliStudio is headquartered in Singapore.