# Lifter — Security and trust

An AI workforce you can put your name on. Centralised access. Approval
before anything risky. Every action logged.

## At a glance
- 100% of credentials held by Lifter. The model never sees a key.
- Every action is logged with approver, decision, and result.
- Three deployments: our cloud (Sydney), your cloud, or hybrid.

## Six principles
1. Your data stays yours. We never use your data to train models.
   Deploy in our cloud in Sydney, your AWS/GCP/Azure account, or split.
2. The model never sees your keys. Credentials live with Lifter,
   encrypted. Agents get the ability to act; they never see the credential.
3. Risky actions pause for a human. Refunds, customer messages, paid
   spend, inventory changes pause in the channel your team uses.
4. Every action is logged: who asked, what ran, what it touched, who
   approved it. Exportable to S3, Datadog, Splunk, or your SIEM.
5. Permissions by person, agent, and tool. Allow, Ask, or Deny per
   pairing.
6. One workspace per customer. Per-customer container with isolated
   storage — not a shared multi-tenant database.

## Where your data lives
- Our cloud (Sydney) — managed and monitored by Lifter.
- Your cloud — runs entirely inside your AWS, GCP, or Azure account.
- Hybrid — admin UI in our cloud, runtime in yours.

## Allow / Ask / Deny
Each tool has one of three stances per specialist.
- Allow: safe, reversible, audited. Runs without interruption.
- Ask: pauses in the channel your team uses, for a human to decide.
- Deny: the tool is hidden from that specialist entirely.

## The model never sees a credential. Ever.
1. Agent: wants to issue a refund. Sees the action's name only.
2. Gateway: looks up the right credential, checks the rules
   (auto-approve, ask, or block).
3. Human: approves in the team's channel with full context, recorded.
4. Gateway: performs the action against the vendor on the agent's behalf.
5. Agent: gets the result. No credentials ever exposed to the model.

## The audit trail
For every action we capture who, what, when, the permission stance, the
approver if Ask, and the result (with secrets redacted). Exportable to
your audit pipeline in real time; retention follows your policy.
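
The gateway steps and the audit record described above, sketched as an added example (this is not Lifter's code). The policy table, vault contents, function names, and the fail-closed defaults for unlisted pairings and missing approvers are all assumptions made for illustration.

```python
import json, time

# Constructed policy: (specialist, tool) -> stance. All names are hypothetical.
POLICY = {("support", "lookup_order"): "allow",
          ("support", "issue_refund"): "ask",
          ("support", "change_inventory"): "deny"}
# Constructed secrets held only by the gateway; never returned to the agent.
VAULT = {"lookup_order": "sk_test_CONSTRUCTED", "issue_refund": "sk_test_CONSTRUCTED"}
AUDIT = []

def visible_tools(specialist):
    """Tool names the agent may see; Deny tools are hidden from it."""
    return sorted(t for (s, t), st in POLICY.items() if s == specialist and st != "deny")

def redact(value, secrets):
    """Scrub any vault secret from a vendor response before it is logged or returned."""
    text = json.dumps(value)
    for s in secrets:
        text = text.replace(s, "[REDACTED]")
    return json.loads(text)

def call_vendor(tool, args, credential):
    # Stand-in for the vendor API; echoes the key to show why redaction matters.
    return {"ok": True, "tool": tool, "args": args, "debug_auth": credential}

def gateway(requester, specialist, tool, args, approve=None):
    """The agent passes an action name and arguments; it never handles the credential."""
    stance = POLICY.get((specialist, tool), "deny")  # assumption: unlisted pairings are denied
    entry = {"ts": time.time(), "who": requester, "specialist": specialist, "tool": tool,
             "args": args, "stance": stance, "approver": None, "decision": None, "result": None}
    if stance == "deny":
        entry["decision"] = "blocked"
    elif stance == "ask":
        # assumption: with no approver callback the action fails closed
        approver, ok = approve(tool, args) if approve else (None, False)
        entry["approver"], entry["decision"] = approver, "approved" if ok else "rejected"
    else:
        entry["decision"] = "auto-approved"
    if entry["decision"] in ("approved", "auto-approved"):
        raw = call_vendor(tool, args, VAULT[tool])  # credential is used only inside the gateway
        entry["result"] = redact(raw, VAULT.values())
    AUDIT.append(entry)  # every outcome is logged, including blocks and rejections
    return entry["result"] or {"ok": False, "reason": entry["decision"]}
```
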

## Contact
- security@lifter.work — replies within one business day.
