Security

Security Overview

This page summarizes the controls and operational practices Vutler applies to protect the platform, customer workspaces, and connected integrations.

Last updated: April 1, 2026
Operator: Starbox Group GmbH
Contact: security@starbox-group.com

1. Security principles

  • Least-privilege access for internal operations and customer workspaces.
  • Segregation between public site, authenticated application, and backend service layers.
  • Encrypted transport for web traffic and authenticated sessions.
  • Monitoring, logging, and operational review of security-relevant events.

2. Workspace and application controls

  • Authenticated routes are protected by session cookies and route guards.
  • Workspace feature gates and server-side validation reduce unauthorized feature access.
  • Administrative surfaces use separate admin session handling.
  • Providers, integrations, and runtime actions are mediated through application services rather than direct client trust.

3. Infrastructure and data handling

Vutler is designed around Swiss-hosted operations and controlled storage layers. Access to production systems is restricted to authorized personnel with an operational need.

We use logs, audit trails, and service-layer checks to support incident response, troubleshooting, and abuse detection.

4. Customer responsibilities

  • Use strong authentication practices and protect workspace credentials.
  • Review agent instructions, provider selections, and connected integrations before processing sensitive data.
  • Apply your own internal review process for high-risk outputs and regulated workflows.
  • Notify us promptly if you believe your account or workspace has been compromised.

5. Vulnerability disclosure

If you discover a vulnerability, please report it responsibly and give us a reasonable opportunity to investigate and remediate before public disclosure.

Security reports should be sent to security@starbox-group.com. Include steps to reproduce, affected URLs or features, impact, and any proof-of-concept details that help us validate the issue.

6. Incident response

When we identify a material security incident, we work to contain, investigate, remediate, and document it. Where required by law or contract, affected customers will be notified within the applicable timeframe.