Security
The operating model is designed to reduce risk for small teams: no main passwords, no unnecessary private data, and no live changes without separate approval.
Updated May 21, 2026Do not send main account passwords, private keys, recovery codes, payment credentials, or administrator credentials by email. The default service model does not require them.
When deeper review is appropriate, use a platform-native invite with the smallest useful permission: read-only, viewer, limited collaborator, staging access, or a short-lived diagnostic user.
Access-limited reviews are optional upgrades after clear paid intent or a first payment. Access should be temporary, narrow, and revocable. We recommend revoking any invite after the review window, usually within 24-72 hours.
Unless separately approved in writing, we do not publish, deploy, edit production settings, modify payment systems, change DNS, install apps, or make irreversible account changes.
Files from clients are treated as untrusted input. We inspect, parse, convert, or statically review materials when appropriate, but we do not run unknown scripts, macros, binaries, installers, browser extensions, packages, or project setup commands.
For code, theme, or automation issues, send copied snippets, static files, screenshots, sample rows, or a minimal non-executable reproduction whenever possible.
Avoid sending customer records, order exports, payment details, employee files, medical information, legal matters, or regulated financial data. Redact names, emails, addresses, card data, order IDs, and private identifiers unless they are required and approved for the task.
If a task cannot be done safely without sensitive data or live account control, we may stop, narrow the scope, request a safer export, or decline the task.
A good first pass should name what was inspected, what was not inspected, the evidence behind the recommendation, and the next safe action. That makes the work useful without creating hidden security obligations.
Security concerns, mistaken access grants, or material-removal requests can be sent to hello@codekidz.ai. Include enough context to identify the task and the specific file, account, or invite.