Ready
Security

Security

EcomHawk uses least-privilege access, customer-authorized OAuth connections, encrypted token handling, and account-level isolation to protect customer data.

Authorization

Customers authorize supported integrations through OAuth or platform-approved connection flows. Access can be revoked through the connected platform or by contacting support.

Token handling

Refresh tokens and integration credentials are stored through a server-side secret store and are not exposed to the browser dashboard.

Tenant isolation

Each client/account is tracked separately with its own agent kind, connection status, metrics, recommendations, and trust mode.

Operational controls

Recommendations can run in observe, approval, or autonomous mode. Guardrails limit spend, budget changes, pricing workflows, and other operational actions.