Security Overview

How Ohwait approaches security for product images, brand assets, design profiles and generated content.

Updated: May 21, 2026

Data flow

Ohwait separates public marketing pages from private workspace data. User projects, Design Profiles, Assets, chat snapshots and generated outputs should be stored under user-scoped records and protected object storage.

Current security principles

Use authenticated access for private project, profile, asset and generation records.
Store large images in object storage and keep the database focused on metadata and references.
Use least-necessary context when sending data to AI model providers.
Avoid indexing private workspace pages, API routes, user chats and uploaded assets.
Log enough for abuse prevention and debugging without exposing private design content unnecessarily.

Enterprise roadmap

Workspace-level roles and permissions.
Project sharing controls and revocable links.
Regional asset storage strategy for overseas and mainland China users.
Data export and account deletion workflows.
Model-provider transparency for enterprise customers.