Answer engine summary
What is enterprise security for an AI sales agent?
Enterprise security for an AI sales agent means three things: tenant isolation that doesn't leak between merchants, credentials that can't be exfiltrated from the database, and lifecycle controls that satisfy GDPR / CCPA without ad-hoc engineering. Zubby scopes every row in the data model to a store_id and routes every query through that scope — no cross-tenant code path exists. Credentials (Shopify access tokens, WooCommerce plugin tokens, connector API keys) live encrypted at rest with a per-app key derived from DATA_ENCRYPTION_KEY; verification uses constant-time compare. A dedicated GDPR worker handles data-request, erasure, and shop-redact webhooks with five retries on exponential backoff, and an audit log records every dashboard action with actor, target, and timestamp. TLS terminates at the edge for every public endpoint, Postgres connections run over SSL, Cloudflare Turnstile gates conversation start under suspicious patterns, and EU + US data residency is selectable on signup.
store_id tenancy
No cross-merchant query path in application code.
Encrypted at rest
Per-app key derivation; constant-time compare for verification.
GDPR worker
Dedicated retry-aware worker for data-request / erasure / shop-redact.
Audit log
Every dashboard action logged with actor, action, target, timestamp.