← Back to home

Security

Last updated: July 01, 2026

TL;DR

  • Runs entirely on best-in-class managed cloud infrastructure — there is no server to patch and no exposed database to breach.
  • Card data never touches the platform — payments are handled end-to-end by a PCI DSS Level 1 provider.
  • Setup mistakes fail closed: the database denies everything by default, so an incomplete setup breaks features — it doesn't leak data.
  • Every client workspace is isolated at three independent layers, and every AI action requires human confirmation before it can change anything.
  • Single-tenant by design: your deployment holds only your business's data — never pooled with other companies.
  • No black box: the owner holds the complete source code, so every claim on this page can be independently audited.

How Productive Focus AI Hub works — context first

Productive Focus AI Hub isn't a shared platform you sign up to. When you purchase Productive Focus AI Hub, you — the owner — spin up your own private CRM, under your own brand (“YourCRM”), running on accounts you control with best-in-class providers for data, payments, and hosting. One deployment, one owner. Your client workspaces live inside your deployment and nowhere else. Everything below describes how that deployment protects the data inside it.

Security claims are easy to make and hard to check. This page explains, in specific terms, how Productive Focus AI Hub protects the data inside it — the architecture, the defaults, and, honestly, the parts that are your responsibility as an operator.

1. Built on best-in-class managed services

Productive Focus AI Hub does not run on hand-managed servers. Data storage, payments, and hosting are each delegated to best-in-class managed cloud platforms — the same infrastructure providers trusted by banks, healthcare companies, and Fortune 500 enterprises.

That means there is:

The most common causes of real-world data leaks — unpatched servers, exposed database ports, default credentials — are not risks this architecture merely mitigates. They are categories of mistake that cannot happen, because the components they apply to don't exist here.

2. Fail-closed by default

A fair question about any self-managed software: “what if the operator sets it up wrong?” The answer here is that the platform is designed to fail closed:

In other words: the failure mode of an incomplete or incorrect setup is an app that doesn't work yet — not an app that leaks.

3. Workspace isolation, enforced three times

Productive Focus AI Hub is multi-workspace: each client workspace holds its own contacts, deals, conversations, and records. Isolation between workspaces is enforced at three independent layers, so a failure in any one layer is caught by the others:

  1. Database-level security rules — every read and write is checked against the caller's verified workspace membership, at the data layer itself, before any data moves.
  2. Server-side permission checks — every API endpoint independently re-verifies the caller's identity, role, and workspace membership from their authenticated session. Nothing is trusted from the browser.
  3. Record-level re-anchoring — whenever one record references another (a deal's contact, a task's owner), the platform re-verifies the referenced record belongs to the same workspace before acting. A crafted or mistaken ID cannot reach another workspace's data.

4. Roles and access control

5. Secrets and credentials

6. Public links that can't be forged

Some pages are deliberately public — a quote sent to a customer, a booking page, an unsubscribe link, a payment link. Every one of them is protected by a cryptographically signed token:

7. Verified integrations

Every inbound webhook — payment events, inbound messages, call events, scheduled jobs — is signature-verified before a single byte is processed. A request that doesn't carry a valid cryptographic signature from the expected service is rejected. There is no unauthenticated write path into the platform. Outbound webhooks are signed too, so your own integrations can verify that events genuinely came from your deployment.

8. AI, with a human in the loop

Productive Focus AI Hub includes AI assistants and AI conversation agents. They are governed by strict, structural limits:

9. One deployment, one owner — a smaller blast radius

Unlike a traditional SaaS platform, where thousands of companies' data sits in one shared system and a single breach exposes everyone, each Productive Focus AI Hub deployment is single-tenant: it holds one business's data, in accounts that business controls. Your data is not pooled with anyone else's, is not mined or resold, and can be exported or deleted by you at any time.

10. No black box

Perhaps the most important difference: Productive Focus AI Hub is not a black box you have to take on faith. The operator of a deployment owns the complete source code. Every claim on this page is verifiable by reading it — or by having any security professional of your choosing read it. Closed platforms ask for trust; this one can be audited.

11. What's on you (honesty matters)

No architecture removes every responsibility. If you operate a deployment, the platform's security assumes you will:

These are the same obligations you'd have with any business software — including SaaS, where your team's passwords are just as much the weakest link.

12. Reporting a security concern

If you believe you've found a vulnerability, we want to hear about it — please report it privately rather than publicly, so it can be fixed before details circulate. and we'll take it from there. Good-faith reports are always welcome and never punished.