Inserloft Security
Last Updated: June 2026
Security Version: 1.0
Security First
At Inserloft, security is a fundamental part of every product and service we build. Whether you are using Pixel, Cleo, Cleo Code, PIX CLI, or future Inserloft services, protecting your data, projects, and account is one of our highest priorities.
Our approach combines secure infrastructure, privacy-focused product design, controlled access policies, and continuous monitoring to help keep users and organizations protected.
Security Overview
| Area | Status |
|---|---|
| HTTPS / TLS Encryption | Active |
| Data Encryption at Rest | Active |
| Private Projects by Default | Active |
| Account Data Deletion | Available |
| Role-Based Permissions | Active |
| Responsible Disclosure | Available |
| Session Management | Planned |
| Suspicious Login Detection | Planned |
| Multi-Factor Authentication (MFA) | Planned |
| Passkeys | Planned |
| Audit Logs | Planned |
| Public Security Incidents | Planned |
| Status Page | Planned |
Data Privacy
We believe users should remain in control of their information.
Users can request the deletion of their account and associated data. Information is handled according to our Privacy Policy and internal security standards.
Certain data may be used to improve Inserloft services and AI models. However, users will have controls regarding how their data may be used for service improvements and model development.
Project Security
Pixel Projects
All newly created Pixel projects are private by default.
Private projects:
- Are not publicly accessible.
- Are not indexed by search engines.
- Cannot be accessed by unauthorized users.
- Remain under the control of their owners and authorized collaborators.
Users may choose to make projects public when desired.
Account Security
All Inserloft products use a unified account system.
A single Inserloft account can be used across:
- Pixel
- Cleo
- Cleo Code
- PIX CLI
- Future Inserloft services
Security measures include:
- Secure password hashing
- Protected authentication systems
- Encrypted communication
- Access controls
- Account recovery procedures
Additional protections planned for future releases include:
- Multi-Factor Authentication (MFA)
- Passkey support
- Active session management
- Suspicious login detection
Cleo & Cleo Code
Cleo
Cleo conversations may be stored to provide conversation history, account synchronization, and product functionality.
Users will have controls regarding data retention and service-improvement participation where applicable.
Cleo Code
Cleo Code may operate locally, remotely, or through a combination of both depending on the task being performed.
Access to Pixel projects requires explicit authorization through the user’s Inserloft account permissions.
Sessions are isolated between users to help prevent unauthorized access to data, files, or project resources.
Organization Security
Inserloft supports collaborative environments through:
- Teams
- Organizations
- StartUps
- Companies
Company accounts may require additional verification and legal documentation before activation.
Role-based access controls allow organizations to manage permissions and access levels for members.
Examples include:
- Owner
- Admin
- Member
- Viewer
Additional roles may be introduced in future releases.
Infrastructure Security
Inserloft operates using a mixed infrastructure model designed to improve reliability, scalability, and security.
Security measures include:
- HTTPS/TLS encryption
- Encrypted data storage
- Backup systems
- Infrastructure monitoring
- Access restrictions
- Security logging
- Incident response procedures
Our systems are continuously evaluated and improved as our platform grows.
Internal Access Controls
Access to user information is restricted and granted only when necessary for operational, support, legal, or security purposes.
Authorized personnel are subject to internal security policies and confidentiality requirements.
Access requests are reviewed and limited according to operational needs.
Responsible Disclosure
We welcome responsible security research.
If you discover a security vulnerability affecting an Inserloft product, please report it privately and provide as much information as possible, including:
- Description of the issue
- Steps to reproduce
- Potential impact
- Relevant screenshots or logs
Please do not publicly disclose vulnerabilities before they have been investigated and addressed.
Security Transparency
Transparency helps build trust.
As Inserloft grows, security-related incidents, service interruptions, and important security announcements may be published publicly through dedicated transparency and status channels.
This commitment allows users and organizations to remain informed about the health and security of our services.
Security Contact
Security-related reports and inquiries can currently be sent to:
Dedicated security reporting channels may be introduced in the future.
Our Commitment
Security is not a one-time feature. It is an ongoing process that evolves alongside our products, infrastructure, and community.
We continuously work to improve our security practices so developers, creators, teams, startups, and companies can build on Inserloft with confidence.