Security & teamsgated by default

The security review,
answered in advance.

Bauta hosts AI-generated content, so it's built like infrastructure that has to be a good citizen. Here's the whole posture — gated by default, sandboxed by construction, EU-hosted.

Read the architecture Enterprise & compliance →

private by defaultiframe-sandboxedEU-hostedappend-only audit

Gated by default

The posture, as a checklist.

None of this is a setting you have to find. It's how the system behaves the moment an artifact exists.

Private by default

Every artifact starts private. Nothing becomes public without an explicit owner action.

Every artifact has an owner

You sign in the first time you deploy, so every artifact is tied to your account from the first upload — and nothing is public unless its owner explicitly opens it.

Sandboxed execution

All artifact code runs in an iframe with sandbox="allow-scripts" and nothing else, on a separate registered domain (bauta-usercontent.com) with no cookies. It can't reach your session, other artifacts, or the parent page.

Deploy-time scanning

Outbound links in deployed content are checked against Google Safe Browsing before anything is stored. Known-bad links reject the deploy.

Rate limits

Deploys, gate attempts, verification emails and abuse reports are all rate-limited.

Report & takedown

Every served artifact page links to an abuse report form. Taken-down content stops serving on every origin immediately.

Append-only audit log

Deploys, sharing changes and email-verified views are recorded append-only — never edited, never deleted.

EU-hosted, cookieless analytics

Artifact content lives in an EU-jurisdiction bucket. View counting uses no cookies and no third-party scripts.

Sharing modes

Four gates. One per artifact, switchable anytime.

Visibility is a property of each artifact, set by its owner. Here is exactly who gets in under each mode.

Mode	Who can view
`private`	Nobody. The default for every artifact; visitors are blocked instantly.
`public`	Anyone with the link. Requires a signed-in owner — only an account can publish publicly.
`password`	Anyone with the link who enters the password you set. Viewers need no account.
`email_otp`	Viewers verify their email with a one-time code. With email grants, only granted addresses get a code; without grants, any address that completes verification may view — and every verified view is recorded in the audit log.

Set with set_sharing · invite with share_via_email — read and write are always separate tools.

Architecture

How it's wired, in plain terms.

The short version your security team can paste into a ticket. The longer version is the same — there's no hidden layer.

Isolation

Code never runs on bauta.app

Artifact code executes inside a sandboxed iframe served from a separate registered domain, bauta-usercontent.com, which carries no cookies and is excluded from search-engine indexing. The control plane (bauta.app) and the content plane never share an origin.

URLs

Stable, predictable, never rewritten

Free artifacts serve at share.bauta.app/<random-id>.

Organizations on paid plans get vanity URLs on their own subdomain: your-org.bauta.app/artifact-name/.

Your URL never changes. You sign in the first time you deploy through the connector, so every artifact is tied to your account from the first upload — and updates or rollbacks keep the same address.

Versioning

Immutable revisions, pointer rollback

Every deploy is an immutable revision behind a stable URL. Rollback only moves the published pointer — nothing is created or deleted. History is a record, not a wager.

Authentication

Standard MCP OAuth

The server is its own OAuth authorization server, supporting Dynamic Client Registration (RFC 7591) and Client ID Metadata Documents (CIMD). No manual client setup.

mcp endpoint

https://bauta.app/mcp

oauth discovery

# authorization server metadata
/.well-known/oauth-authorization-server

Data retention & tiers

What's logged, kept, and for how long.

The audit and retention story, mapped to the plan you're on. Flat and published, like the rest of the pricing.

Plan	Audit & retention
Team $69	Access log visible in-app, 90-day window.
Business $299	Full, exportable audit logs with 1-year retention; analytics dashboard; advanced roles. SAML SSO available as an add-on (+$125/mo, at cost).
Enterprise from $2,000/mo	SSO + SCIM included; data residency; DPA; retention controls & legal hold (custom, up to 7 years); SLA.

See the enterprise ladder →

MCP tool surface

Every tool your agent can call.

Read and write are always separate tools, so least-privilege is the default. Destructive actions are clearly marked.

deploy_artifactcreate a new hosted artifactwrite

update_artifactpush a new immutable revisionwrite

list_artifactsenumerate your artifactsread

rollbackmove the published pointer backwrite

rename_slugchange a vanity pathwrite

set_sharingswitch the visibility modewrite

share_via_emailgrant access by addresswrite

get_analyticscookieless view countsread

export_artifactdownload the raw contentread

delete_artifactremove an artifact permanentlydestructive

whoamicurrent identity & planread

pingconnectivity checkread

Read tools never mutate. Write tools touch exactly one artifact. Only delete_artifact destroys.

Ship it to legal

Bring it to your security team.
We already did.

This page is the questionnaire, answered. When you need the signed version — DPA, SSO, SCIM, residency and legal hold — the enterprise ladder is published, not quoted.

Enterprise & compliance See pricing →