Trust & security

Your data. Your rules. Every action accounted for.

Fuze automates critical operations, which means it has to earn a higher standard of trust than a chat window. Here is how your data is protected and kept under your control.

Our commitment

Everything Fuze does is built on the same foundation: your data stays yours, the AI only does what you allow,
and you can always see what happened.

Private by default Your business data lives in your own isolated tenant. Credentials for connected systems are stored encrypted, and workflows only see the data the job needs.
Controlled by you Your permissions and approval rules govern every workflow. Critical actions pause for a team member to green light before anything goes live.
Auditable end to end Every workflow run is recorded, and run history is preserved as an audit trail even when workflows change. You can always answer "what did the AI do, and who approved it?"

How it works in practice

Credentials

Encrypted connections to your systems

  • When Fuze connects to systems such as Xero, portals, or file stores, the access tokens are stored encrypted, never in plain text.
  • Connection tokens are tracked with an active/revoked status, so access to an external system can be cut off at any time.
  • Each workflow uses only the connections it has been granted; nothing is shared implicitly.
Permissions

The AI only sees what the job needs

  • Permissions are defined per user and per workflow: which files, tools, records, and apps each one can access.
  • Fuze AI operates inside those boundaries. A reporting workflow cannot touch procurement records unless you allow it.
  • Chat answers respect the same permissions as everything else, so people only see data they are entitled to.
  • Fuze never trains AI models on your business data.
Human approval

A green light before anything goes live

  • Approval gates can be added to any workflow step. Fuze does the heavy lifting, then pauses and waits for your green light.
  • Approvals are structured: named approver groups, individual approvers, and confirmations are all recorded, not just a button click.
  • Human-intervention links are single-use tokens, so an approval cannot be replayed or forwarded.
Audit trail

Every run, recorded

  • Each workflow run is logged with its inputs, outputs, and the approvals it passed through.
  • Run history is retained throughout workflow edits and personnel changes, preserving the audit trail over time.
  • Approval events form their own timeline: who was asked, who confirmed, and when.
Access

Sessions and sign-in, managed properly

  • User sessions are tracked and expire, requiring periodic re-authentication. Magic-link and verification tokens are single-purpose and time-limited.
  • Organisation invitations are explicit and revocable, so access ends when someone leaves.

Ask us anything

Have questions about data security or want a walkthrough of how approvals and permissions would map onto your organisation?
We are happy to go as deep as your team needs.

Trust is earned per workflow.

Start with one process, have human approval on every action, and widen the AI's permissions as it proves itself.

Talk to us about security