Builders · Security

A layer cake of permissions.

Every actor — human or agent — passes through the same layers of access control. From the menu they see, to the tabs they can open, to the fields they can read or edit, to every API and MCP route they hit. All data filtering happens on the server, so the answer to “can this employee see this?” is the same whether they ask through the UI, the API, or their agent.

The layer cake

Multiple security layers.

A request from a logged-in user clicking a button — or an agent calling an MCP tool — passes through the same checks, in the same order, top to bottom. Each layer can stop the request cold.

Two kinds of actor enter the stack, an employee in the admin UI and an agent via MCP / API, and both pass through the same four layers:

  01 Identity · Who is this? · Workspace, role, audit identity
  02 UI · What they see & do · Control what employees can see and do
  03 API + MCP routes · Server-side enforcement · Every route and tool verifies the actor
  04 Data filtering · Only what they can see · Query-layer filter, not client-side

Field-level control

Fine-grain access at the field, not the record.

Every field on an employee record, system or custom, has independent view and edit permissions, per role. You don't grant access to the “employee record”; you grant access to the specific properties the role should see and the specific ones it should be able to write.

Field · Manager · HR Admin · Agent (Manager-role key)
  • Full name · view · view + edit · view
  • Department · view · view + edit · view
  • Start date · view · view + edit · view
  • Base comp · view (direct reports) · view + edit · view (direct reports)
  • Equity grant · no access · view + edit · no access
  • Performance rating · view + edit (direct reports) · view + edit · view (direct reports)
  • Medical / benefits · no access · view · no access
  • 1:1 transcripts (custom) · view + edit (own) · view · view + edit (own)

Same permissions apply to UI rendering, REST responses, and MCP tool outputs.

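As an added illustration of the two sections above (the layer cake and the field-level matrix), the following Python sketch is example code written for this page, not the product's own implementation. It encodes the matrix as one policy table, resolves an actor to a role plus a set of direct reports (the identity layer), and exposes one server-side projection that both a REST route and an MCP tool call, so the answer to “can this actor see this field?” is the same on every channel. Role names, field names, the Scope enum, the helper names and the sample records are all assumptions; “own” is taken to mean the actor's own employee record, and anything not listed in the policy is denied by default.

```python
from dataclasses import dataclass, replace
from enum import Enum
from typing import Dict, FrozenSet, Tuple

# Constructed example of the field-level model above (names, roles and data are assumptions).

class Scope(Enum):
    NONE = "none"                      # no access to the field at all
    OWN = "own"                        # only the actor's own employee record
    DIRECT_REPORTS = "direct_reports"  # only records of the actor's direct reports
    ALL = "all"                        # every record in the workspace

@dataclass(frozen=True)
class Actor:            # resolved identity: who is asking, in which role
    actor_id: str
    role: str
    direct_reports: FrozenSet[str] = frozenset()

@dataclass(frozen=True)
class EmployeeRecord:
    employee_id: str
    fields: Dict[str, object]

Rule = Tuple[Scope, Scope]  # (view scope, edit scope)
FIELDS = ["full_name", "department", "start_date", "base_comp", "equity_grant",
          "performance_rating", "medical_benefits", "one_on_one_transcripts"]

# Rules transcribed from the matrix above. Anything not listed is denied, so a
# new custom field grants nothing to anyone until a rule is written for it.
_MANAGER: Dict[str, Rule] = {
    "full_name": (Scope.ALL, Scope.NONE),
    "department": (Scope.ALL, Scope.NONE),
    "start_date": (Scope.ALL, Scope.NONE),
    "base_comp": (Scope.DIRECT_REPORTS, Scope.NONE),
    "performance_rating": (Scope.DIRECT_REPORTS, Scope.DIRECT_REPORTS),
    "one_on_one_transcripts": (Scope.OWN, Scope.OWN),
}
_HR_ADMIN: Dict[str, Rule] = {f: (Scope.ALL, Scope.ALL) for f in FIELDS}
_HR_ADMIN.update(medical_benefits=(Scope.ALL, Scope.NONE),
                 one_on_one_transcripts=(Scope.ALL, Scope.NONE))
# An agent on a Manager-role key keeps the manager's view scopes but may only
# read performance ratings, never write them.
_AGENT_MANAGER_KEY: Dict[str, Rule] = dict(
    _MANAGER, performance_rating=(Scope.DIRECT_REPORTS, Scope.NONE))
POLICY = {"manager": _MANAGER, "hr_admin": _HR_ADMIN,
          "agent_manager_key": _AGENT_MANAGER_KEY}

def _in_scope(scope: Scope, actor: Actor, record: EmployeeRecord) -> bool:
    if scope is Scope.ALL:
        return True
    if scope is Scope.DIRECT_REPORTS:
        return record.employee_id in actor.direct_reports
    return scope is Scope.OWN and record.employee_id == actor.actor_id  # NONE denies

def _rule(actor: Actor, field_name: str) -> Rule:
    # Unknown role or unlisted field -> (NONE, NONE): default deny.
    return POLICY.get(actor.role, {}).get(field_name, (Scope.NONE, Scope.NONE))

def can_view(actor: Actor, record: EmployeeRecord, field_name: str) -> bool:
    return _in_scope(_rule(actor, field_name)[0], actor, record)

def can_edit(actor: Actor, record: EmployeeRecord, field_name: str) -> bool:
    return _in_scope(_rule(actor, field_name)[1], actor, record)

def project(actor: Actor, record: EmployeeRecord) -> Dict[str, object]:
    """Server-side projection: drop every field this actor may not view on this
    record, before anything is serialised for the UI, REST or an MCP tool."""
    return {k: v for k, v in record.fields.items() if can_view(actor, record, k)}

# Two entry points, one filter: the REST route and the MCP tool both call
# project(), so "can this actor see this?" cannot differ by channel.
def rest_get_employee(actor: Actor, record: EmployeeRecord) -> Dict[str, object]:
    return project(actor, record)

def mcp_get_employee(actor: Actor, record: EmployeeRecord) -> Dict[str, object]:
    return {"employee_id": record.employee_id, "fields": project(actor, record)}

def apply_edit(actor: Actor, record: EmployeeRecord, field_name: str,
               value: object) -> EmployeeRecord:
    """Write path: refuse unless the edit scope covers this record."""
    if not can_edit(actor, record, field_name):
        raise PermissionError(f"{actor.actor_id} may not edit {field_name} "
                              f"on {record.employee_id}")
    return replace(record, fields={**record.fields, field_name: value})

# Constructed sample data: Bob manages Alice but not Carol; Dana is HR admin.
BOB = Actor("m-bob", "manager", frozenset({"e-alice"}))
BOB_AGENT = Actor("m-bob", "agent_manager_key", frozenset({"e-alice"}))
DANA = Actor("h-dana", "hr_admin")

def _record(employee_id: str, name: str) -> EmployeeRecord:
    return EmployeeRecord(employee_id, {
        "full_name": name, "department": "Engineering", "start_date": "2021-03-01",
        "base_comp": 185000, "equity_grant": 4000, "performance_rating": "exceeds",
        "medical_benefits": "plan-b", "one_on_one_transcripts": ["2024-05-02: ..."]})

ALICE, CAROL, BOB_SELF = (_record("e-alice", "Alice"), _record("e-carol", "Carol"),
                          _record("m-bob", "Bob"))
```

The point worth checking in your own stack is the one `project()` makes: the filter runs on the server before serialisation, so a field the role may not view never reaches the client, the REST caller or the agent, and a missing rule means no access rather than default access.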
Trust & compliance

SOC 2 Type II compliant.

Annual independent audit. Report available on request behind a short form. Encryption in transit (TLS 1.3) and at rest (AES-256). Quarterly key rotation. Role-based access with audit on every permission change. Full audit log export to your SIEM.

Controls in place
  • SOC 2 Type II · annual audit
  • TLS 1.3 · in transit
  • AES-256 · at rest
  • Keys rotated · quarterly
  • RBAC · granular, auditable
  • SSO · SAML, OIDC (Scale tier)
  • SCIM · identity sync (Scale tier)
  • Audit log export · to your SIEM
  • Data residency · US by default; EU at Scale