Skip to content
MixerLead AI MixerLead AI MixerLead AI

Security overview

Security is foundational to MixerLead AI. This page summarizes how we protect your workspace and data. For data handling specifics, see Data & privacy; for AI safety, see Responsible AI.

Built on a global edge platform

Section titled “Built on a global edge platform”

MixerLead runs entirely on Cloudflare’s global network. There are no separate application servers to harden or patch — requests are served close to your users with the resilience and DDoS protection of the underlying platform.

Encryption in transit

Section titled “Encryption in transit”

All traffic to MixerLead — the app and the API — is served exclusively over HTTPS/TLS. Always use https:// endpoints and send API keys only over secure connections.

Workspace isolation

Section titled “Workspace isolation”

Your workspace is a strict tenant boundary. Every request is scoped to your workspace, and data in one workspace is not accessible from another. Projects add a further layer of separation inside a workspace.

Authentication

Section titled “Authentication”

Passwordless sign‑in

Sign in with an emailed one‑time code (OTP) or a secure magic link — no password to leak or reuse.

Bot protection

Sign‑up and magic‑link flows are protected by a human‑verification challenge.

Enterprise SSO

Enterprise workspaces can put MixerLead behind single sign‑on using a zero‑trust access layer.

Revocable sessions

Review your active sessions and sign out of devices at any time from Account settings.

API key security

Section titled “API key security”

Workspace API keys are designed to minimize exposure:

  • The full key (ml_live_…) is shown once, at creation; afterwards only a masked hint is stored for display.
  • Keys can be revoked instantly by deleting them.
  • A last‑used timestamp helps you spot unused or suspicious keys.
  • Keys are created and managed only by workspace admins.

Least‑privilege access

Section titled “Least‑privilege access”

Roles (admin, member, viewer) ensure people get only the access they need. Viewers are read‑only; only admins manage billing, members, and API keys.

Content & abuse protections

Section titled “Content & abuse protections”
  • Content moderation is applied to chat input to filter harmful content.
  • Rate limits and quotas protect the platform and your account from runaway usage. See Usage & limits.
  • Uploaded media is access‑controlled — files are served through the application to authorized members, not from a public bucket.

Your responsibilities

Section titled “Your responsibilities”

Security is a shared effort. You can help by:

  • Using SSO and least‑privilege roles for your team.
  • Keeping API keys server‑side and rotating them.
  • Reviewing active sessions and removing members who leave.
  • Connecting only MCP sources you trust.

Reporting a concern

Section titled “Reporting a concern”

Found a vulnerability or have a security question? Contact support@mixerlead.com. See Support.

Section titled “Related”
Data & privacy How your data is stored and controlled.
Responsible AI Safety, grounding, and your oversight.
Members & roles Least-privilege access control.