> ## Documentation Index
> Fetch the complete documentation index at: https://docs.profy.cn/llms.txt
> Use this file to discover all available pages before exploring further.

# Security & Privacy

> Sandbox isolation, data protection, and intellectual property safeguards

Profy implements security protections at multiple layers — from sandbox isolation for code execution, to encrypted data transmission, to anti-leak mechanisms for intellectual property, to fine-grained access control.

## Sandbox Isolation

Code execution in each conversation runs in an independent cloud container, achieving process-level isolation:

<CardGroup cols={2}>
  <Card title="Cloud Sandbox" icon="cloud">
    Each conversation session gets an independent container environment. Your code never shares a runtime with other users — containers are fully isolated from each other.
  </Card>

  <Card title="Desktop Sandbox" icon="laptop">
    Profy Desktop uses Seatbelt sandbox technology on macOS, providing two security profiles — network access is disabled by default and switched to a network-enabled profile when connectivity is needed.
  </Card>
</CardGroup>

<Tip>
  Cloud sandboxes are automatically cleaned up after the session ends. Files during the session are saved through a persistent file system, but the containers themselves are ephemeral — every time is a clean execution environment.
</Tip>

## Data Protection

<AccordionGroup>
  <Accordion title="Transport encryption">
    All data is transmitted over HTTPS/TLS encryption. Communication between client and server, as well as between internal microservices, is protected by encryption.
  </Accordion>

  <Accordion title="Storage encryption">
    User files are stored in object storage with server-side encryption enabled. Clients never directly touch storage credentials — all file access uses temporary pre-signed URLs with time-limited validity.
  </Accordion>

  <Accordion title="Credential security">
    Knowledge base connector credentials are encrypted at rest and never exposed in API responses. API Keys are stored using SHA-256 hashes — the plaintext is shown once at creation time, after which the system only retains the hash.
  </Accordion>
</AccordionGroup>

## Intellectual Property Protection

An Expert's cognitive distillation results — mental models, decision heuristics, skill documents — are the creator's core assets. Profy provides multi-layer protection:

<Steps>
  <Step title="Internalized, not exposed">
    The cognitive structures produced by distillation are internalized as the Expert's runtime behavior and cannot be exported as raw prompt text. Users can only converse with the Expert — they cannot "download" the Expert's persona.
  </Step>

  <Step title="Skills are not reverse-engineerable">
    An Expert's skill documents guide AI behavior but are never directly output during conversations. Users experience the Expert's capabilities, not the underlying skill definitions.
  </Step>

  <Step title="Dual-track version review">
    New versions of published Experts must go through review before release. During review, the old version remains online while the new version is reviewed independently, ensuring published content always remains controlled.
  </Step>
</Steps>

## Memory Isolation

Each Expert's memory is strictly isolated by user:

* User A's memory with Expert X ≠ User B's memory with Expert X
* User A's memory with Expert X ≠ User A's memory with Expert Y
* Cross-boundary access always returns 404 (**non-enumerable** — it's impossible to probe whether someone else has memories)

<Note>
  Temporary conversation mode (skip\_memory) ensures the current conversation neither reads existing memories nor creates any new persistent traces. Suitable for handling sensitive topics.
</Note>

## Authentication & Permissions

Profy provides a dual-track authentication system and fine-grained access control:

### Dual-Track Authentication

| Auth Method | Use Case                         | Billing Attribution                   |
| ----------- | -------------------------------- | ------------------------------------- |
| API Key     | Developer directly calls the API | Charges the developer's own credits   |
| OAuth       | App acts on behalf of a user     | Charges the authorized user's credits |

API Keys use the `sk-pro-` prefix and are stored with SHA-256 hashing. OAuth uses the standard Authorization Code Flow, with time-limited Access Tokens and Refresh Tokens with automatic rotation.

### Permission Model

<AccordionGroup>
  <Accordion title="RBAC custom roles">
    Platform administrators can create custom roles by selecting permissions from a module-based permission tree, then assign them to team members. Every admin page has a dedicated permission code gate — having a role doesn't mean having access to all pages.
  </Accordion>

  <Accordion title="Team permissions">
    Team management permissions are based on member roles (owner/admin/member), independent from platform roles. A team owner can manage their own team even without being a platform administrator.
  </Accordion>

  <Accordion title="Session isolation">
    Billing context uses request-level context variables to prevent session data cross-talk between concurrent requests. Different users' conversations, files, and billing are completely isolated at the system level.
  </Accordion>
</AccordionGroup>

## File Security

<CardGroup cols={2}>
  <Card title="Pre-signed URLs" icon="link">
    File access is performed through temporary pre-signed URLs with time-limited validity. Clients never directly hold storage credentials.
  </Card>

  <Card title="Per-user isolation" icon="lock">
    Each user's files are stored under an independent namespace. File access requires identity authentication — it's impossible to access other users' files by guessing URLs.
  </Card>
</CardGroup>

## Security Best Practices

<Warning>
  * Do not share database passwords, API keys, or other sensitive credentials in conversations
  * Use credentials with **minimum necessary permissions** for knowledge base connectors — avoid using full-access admin accounts
  * After creating an API Key, store it securely; revoke it immediately in the Platform console if compromised
  * When team members leave, promptly remove their membership from team management
</Warning>
