Inserloft Security

Last Updated: June 2026
Security Version: 1.0

Security First

At Inserloft, security is a fundamental part of every product and service we build. Whether you are using Pixel, Cleo, Cleo Code, PIX CLI, or future Inserloft services, protecting your data, projects, and account is one of our highest priorities.

Our approach combines secure infrastructure, privacy-focused product design, controlled access policies, and continuous monitoring to help keep users and organizations protected.


Security Overview

AreaStatus
HTTPS / TLS EncryptionActive
Data Encryption at RestActive
Private Projects by DefaultActive
Account Data DeletionAvailable
Role-Based PermissionsActive
Responsible DisclosureAvailable
Session ManagementPlanned
Suspicious Login DetectionPlanned
Multi-Factor Authentication (MFA)Planned
PasskeysPlanned
Audit LogsPlanned
Public Security IncidentsPlanned
Status PagePlanned

Data Privacy

We believe users should remain in control of their information.

Users can request the deletion of their account and associated data. Information is handled according to our Privacy Policy and internal security standards.

Certain data may be used to improve Inserloft services and AI models. However, users will have controls regarding how their data may be used for service improvements and model development.


Project Security

Pixel Projects

All newly created Pixel projects are private by default.

Private projects:

  • Are not publicly accessible.
  • Are not indexed by search engines.
  • Cannot be accessed by unauthorized users.
  • Remain under the control of their owners and authorized collaborators.

Users may choose to make projects public when desired.


Account Security

All Inserloft products use a unified account system.

A single Inserloft account can be used across:

  • Pixel
  • Cleo
  • Cleo Code
  • PIX CLI
  • Future Inserloft services

Security measures include:

  • Secure password hashing
  • Protected authentication systems
  • Encrypted communication
  • Access controls
  • Account recovery procedures

Additional protections planned for future releases include:

  • Multi-Factor Authentication (MFA)
  • Passkey support
  • Active session management
  • Suspicious login detection

Cleo & Cleo Code

Cleo

Cleo conversations may be stored to provide conversation history, account synchronization, and product functionality.

Users will have controls regarding data retention and service-improvement participation where applicable.

Cleo Code

Cleo Code may operate locally, remotely, or through a combination of both depending on the task being performed.

Access to Pixel projects requires explicit authorization through the user’s Inserloft account permissions.

Sessions are isolated between users to help prevent unauthorized access to data, files, or project resources.


Organization Security

Inserloft supports collaborative environments through:

  • Teams
  • Organizations
  • StartUps
  • Companies

Company accounts may require additional verification and legal documentation before activation.

Role-based access controls allow organizations to manage permissions and access levels for members.

Examples include:

  • Owner
  • Admin
  • Member
  • Viewer

Additional roles may be introduced in future releases.


Infrastructure Security

Inserloft operates using a mixed infrastructure model designed to improve reliability, scalability, and security.

Security measures include:

  • HTTPS/TLS encryption
  • Encrypted data storage
  • Backup systems
  • Infrastructure monitoring
  • Access restrictions
  • Security logging
  • Incident response procedures

Our systems are continuously evaluated and improved as our platform grows.


Internal Access Controls

Access to user information is restricted and granted only when necessary for operational, support, legal, or security purposes.

Authorized personnel are subject to internal security policies and confidentiality requirements.

Access requests are reviewed and limited according to operational needs.


Responsible Disclosure

We welcome responsible security research.

If you discover a security vulnerability affecting an Inserloft product, please report it privately and provide as much information as possible, including:

  • Description of the issue
  • Steps to reproduce
  • Potential impact
  • Relevant screenshots or logs

Please do not publicly disclose vulnerabilities before they have been investigated and addressed.


Security Transparency

Transparency helps build trust.

As Inserloft grows, security-related incidents, service interruptions, and important security announcements may be published publicly through dedicated transparency and status channels.

This commitment allows users and organizations to remain informed about the health and security of our services.


Security Contact

Security-related reports and inquiries can currently be sent to:

Dedicated security reporting channels may be introduced in the future.


Our Commitment

Security is not a one-time feature. It is an ongoing process that evolves alongside our products, infrastructure, and community.

We continuously work to improve our security practices so developers, creators, teams, startups, and companies can build on Inserloft with confidence.