Trust

Security

WebAnnotates is built around project-scoped access, authenticated APIs, and operational controls designed to keep review workflows separated and manageable.

Last updated May 13, 2026

Access control

Workspace access is tied to authenticated user sessions, and project workflows are designed around project-specific permissions and token-scoped embed behavior.

Integrations

Jira, Notion, and GitHub connections are authorized per project. Personal coding-agent runners are paired to one user, use outbound HTTPS polling, and may claim only that user’s queued jobs for verified repositories.

Operational safeguards

We use service-side validation, usage enforcement, and project separation to reduce accidental data exposure and keep collaboration environments isolated.