Security and control for visibility workflows.
VisiPilot is designed as a lean SaaS MVP with authenticated access, organization-based data boundaries, server-side secrets, manual exports, and clear AI output review before anything is published.
Authenticated dashboard access
- Dashboard routes require authenticated access.
- Project data is scoped to organizations and workspaces.
- Magic link, password, and OAuth flows are handled through Supabase Auth.
Database access controls
- Supabase Row Level Security protects user-owned tables.
- Users should only access records connected to organizations where they are members.
- Sensitive service role keys stay server-side and are supplied through environment variables.
Controlled publishing workflow
- VisiPilot creates draft recommendations, copy, schema, Proof Packs, and Ship Packs.
- The MVP focuses on manual copy, download, and export workflows.
- Auto-posting and video workflows remain disabled behind feature flags unless enabled later.
AI output boundaries
VisiPilot uses website evidence, audit data, brand memory, recommendations, and competitor context to generate structured outputs. Users should review all copy, schema, and proof claims before publishing.
The product does not claim to directly query, influence, manipulate, or guarantee placement in ChatGPT, Claude, Gemini, Perplexity, Google AI Overviews, or any AI search engine.
Billing and usage controls
Paid actions are designed to use credits. Credit transactions and usage events make expensive actions auditable for the user and workspace.
Stripe handles checkout, subscriptions, billing portal sessions, and webhook signature verification on the server side.