Security is not a page badge; it is enforced through passwords, tokens, tenant boundaries, audits, and credential handling.
01
Platform account security
Passwords use Argon2id hashing. Refresh tokens are stored only as hashes and continuously rotated; replay revokes the whole token family.
HttpOnly cookies and CSRF protection
Rate limiting for sign-in and sensitive routes
Password changes revoke prior sessions
02
Multi-tenant isolation
The user console derives the personal tenant from the authenticated identity and never trusts a tenant_id from the frontend. Every resource request verifies membership and permission.
03
Telegram credential boundary
Sessions are encrypted with an independent key. Administrators cannot view them in plaintext. Users can revoke authorization, and the platform does not provide bulk messaging, member invitations, or spam tools.
04
Traceable administration
Disabling users, revoking sessions, and changing system settings write audit entries that ordinary users cannot modify. Sensitive fields are masked automatically.
Create your secure automation entry point.
After registration and verification, connect Telegram, choose bots, set a schedule, and review execution records.