Built for accountable marketing operations.
BAT runs marketing work the way an audited agency would: clear plans, source-backed recommendations, explicit approval checkpoints, and a reversible activity log. This page summarizes the controls that make that possible and the principles behind them.
Controls in every workspace.
Concrete safeguards in every BAT workspace. These are enforced at the platform layer, not on the honor system.
Role-based access
Admins control who can run, approve, and publish work. Client users get a read-and-comment view by default; elevation is explicit and audited.
Workspace-level data isolation
Every workspace is a hard boundary. Brand intelligence, evidence, prompts, and integrations never cross workspaces, even within the same account.
Auditable, reversible actions
Every action a BAT operator takes (recommendations, edits, publishes) is captured with timestamps, source links, and a one-click rollback path.
Evidence-linked outputs
Recommendations cite the workspace data they were grounded in. If the source goes away, the claim does too, preventing hallucinated stats from reaching clients.
Approval gates on high-impact mutations
Publishing posts, sending emails, and changing live integrations all pause for explicit approval. No surprise actions, no off-the-record edits.
Encryption in transit and at rest
TLS 1.3 for every connection. Data at rest is encrypted with AES-256. Backups are encrypted with separately managed keys.
Operating principles.
How BAT decides when controls are not enough, the defaults that govern every workflow.
Least privilege by default
BAT operators run with the minimum permissions a task requires. Elevated actions are explicit, time-bounded, and logged.
No silent autonomy
BAT shows you what it is about to do before it does it, and what it just did after. The activity stream is the source of truth.
Reversibility over speed
Where reversibility and speed conflict, BAT chooses reversibility. A slower workflow you can roll back beats a fast one you cannot.
Reporting an issue.
If you believe you have found a security issue, email [email protected] with steps to reproduce. We acknowledge reports within one business day and credit researchers in our public changelog where appropriate.
Marketing you can actually audit.
Workspace isolation, role-based access, evidence-linked outputs, and a reversible activity log. Built for teams that have to answer for what shipped.