Privacy, compliance, and secrets
Security and privacy controls span the dashboard, your backend integration, and your provider accounts.
User and Client data
Section titled “User and Client data”A User is the person who talks to an agent. A Client is the Hyponema operator. Do not use old subject terminology in new integrations, docs, or support workflows.
Keep User identifiers stable but minimal. Avoid embedding sensitive personal data in identifiers, tags, logs, or metadata.
Secrets
Section titled “Secrets”Keep these values secret:
- Workspace API keys.
- Provider credentials.
- Webhook secrets.
- Telephony and messaging credentials.
- Any backend signing material used for browser-facing sessions.
Use Settings for API keys and provider credentials. Do not place secrets in prompts, browser snippets, mobile clients, public docs, or source control.
Privacy and compliance settings
Section titled “Privacy and compliance settings”Use Settings Privacy and Compliance to manage workspace privacy posture and compliance workflows. Use agent Privacy for agent-specific behavior.
Workspace API keys do not expose dashboard-only privacy and compliance actions such as compliance exports, User erasure, recording retrieval, privacy control changes, or provider credential management. Keep those workflows behind dashboard member access.
Use Settings Audit to review privileged workspace activity. Audit review is especially important after member changes, API key rotation, provider credential updates, compliance exports, billing changes, and distribution setup changes.
Operational hygiene
Section titled “Operational hygiene”- Give members the minimum access they need.
- Rotate keys when access changes.
- Review observability and logs without copying secrets into tickets.
- Keep provider account access aligned with workspace membership.
- Treat billing interruptions and disabled channels as operational incidents until resolved.