Skip to main content
This page covers customer-facing security and privacy controls available in Custory.

Workspace access

A workspace is the top-level access boundary for a team, product, or product area. For role assignment and invites, see Manage your team.
RoleAccess
OwnerManages workspace settings, billing, members, integrations, ownership transfer requests, and workspace deletion.
EditorMaintains journeys, items, automations, integrations, and day-to-day workspace context.
ViewerReads workspace context without editing it.

Integrations

Integrations are scoped to a workspace.
  • Owners and editors can connect and disconnect tools in Manage Integrations.
  • Viewers cannot manage integrations.
  • OAuth and manual integration tokens are encrypted before storage.
  • The UI may show safe identifiers such as account names, project names, or token prefixes.
  • Disconnecting an integration removes it from the workspace.
  • Linked task records associated with a disconnected integration are also removed.

MCP keys

MCP lets external AI clients work with Custory workspace context through workspace-scoped keys. MCP keys support:
  • 30 days, 90 days, and Never expiry choices
  • copy-once generated tokens
  • stored token prefixes for later identification
  • key revocation from the Keys tab
Create separate keys for separate clients or use cases when you want easier cleanup.

Workspace deletion

Workspace deletion is owner-only and destructive. When an owner deletes a workspace, Custory cancels paid billing for that workspace as part of the deletion flow. If the workspace should continue, transfer ownership or remove individual members instead.

Vendor review

This page does not replace a vendor security review. If your team has compliance, procurement, or legal requirements, confirm them directly during evaluation.