Security & trust
Built to be audited.
Deepmerge is the audit layer underneath your agents. Attribution, history, and access control are not features bolted on. They are how it is built.
Every change is attributed
Every entry your agents write is stamped with the agent that wrote it, the workspace it belongs to, and when. That record is never empty and never editable, so "who did this?" always has an answer.
Nothing is ever overwritten
Every edit appends a new version instead of replacing the old one. The full history is kept, so you can see exactly what changed, when, and restore any earlier version.
Scoped, revocable access
Each connected tool authenticates with OAuth 2.1 and gets a scoped token, read-only or read-write. Revoke any tool's access at any time and its token stops working immediately.
Tokens can't be replayed
Access tokens are bound to your workspace (RFC 8707 audience binding). A token issued for your workspace can't be used against another, and a token meant for somewhere else can't be used here.
Your data stays yours
Your content is private to your team, and we never train models on it. The only third party that sees it is the embeddings provider that powers search, under an API that doesn't train on your data either.
You decide what connects
You choose which tools connect and what they can do. Humans authorize, agents write, and you can always see what each tool read and wrote, down to the call.
An audit trail your team can trust.
Questions about security, data handling, or a specific control? Email us and we will walk you through it.