Security

Bardo's main security posture starts with product scope. The service is designed to keep campaign files and workspace context local where possible, while the hosted surface focuses on account access, approvals, billing, metering, and status-related workflows.

That means the Bardo website is not intended to be the primary home for your local campaign content.

The hosted surface includes the public website, authentication and dashboard flows, subscription handling, and bridge approval or session workflows. Like any hosted service, that surface still depends on software updates, infrastructure, and third-party providers.

This page is a high-level overview only. It should not be read as a promise of specific certifications, audit results, or formal security commitments that Bardo does not publicly publish.

You are responsible for securing the machines, clients, credentials, and local workspaces you connect to Bardo. Review generated output, control which tools you authorize, and protect any secrets stored in your own environment.

If you use Bardo through another client or AI provider, that external toolchain becomes part of your security boundary as well.

Bardo will update this page if the public security posture or hosted service boundary changes materially. Questions about security can be sent through the main Bardo support channels.