Wavetable

Security

Security that is architecture, not settings.

The properties below are how Wavetable is built. They hold for every workspace, on every tier, without configuration.

Isolation

One database per tenant. Physically.

Each workspace gets its own SQLite database, its own coordinating runtime object that serializes every write, its own object-storage prefix, and its own vector index namespace. There is no cross-tenant query path in the codebase, and no function accepts a tenant id from a request payload: tenancy comes only from the authenticated context.

Erasure

Deletion by crypto-shredding

Event payloads and message bodies are envelope-encrypted with per-subject data keys (master key, then per-tenant key, then per-subject key). Erasure shreds the subject's keys, redacts their claims, and rebuilds projections. The append-only log keeps its audit integrity; the erased content is permanently unreadable.

Agents

Structurally bounded AI

Agents (ours and any external agent on your MCP endpoint) can read, draft, and propose. No external sends without a capability minted by an approved policy, no claim acceptance, no projection writes, per-seat daily budgets. These limits live in the runtime, not in prompts.

Injection

Untrusted by default

Connector-derived content (emails, page content, SMS) is data, never instructions. It is wrapped as untrusted before any model sees it, and extraction runs under strict output schemas. A malicious email cannot instruct your agent.

Audit

Audit by construction

Approvals, policy changes, agent tool calls, MCP access, and sends are events in the same append-only log as everything else. The audit trail has no gaps to close because it is the substrate itself.

Secrets

Secrets stay out of the data plane

Connector credentials live in the platform secret store, encrypted per tenant. They are never written to the tenant database, never logged, and never included in model prompts. Outbound credentials are resolved at send time only.

Sessions and access

Boring auth, on purpose.

Human access uses email and password with server-side session cookies (no tokens in browser storage). Machine access uses hashed per-workspace keys. External agents use OAuth 2.1 with revocable, scoped capability tokens. Same-origin checks protect every cookie-authenticated route.

Posture

Where we are, stated plainly.

Wavetable is designed against SOC 2 control objectives: access logging everywhere, change management through approvable, versioned artifacts, and documented decision records for every significant design choice. We have not yet completed SOC 2 certification, and we will not imply otherwise. When that changes, this page will say so.

Disclosure

Found something? Tell us.

Report vulnerabilities to security@adwave.com. We acknowledge within 2 business days, keep you informed, and do not pursue good-faith research. Machine-readable details live in security.txt.