Security & transparency

Capability needs a boundary.

Our goal is not maximum autonomy. It is useful automation with clear ownership, minimum access, and verifiable controls.

Least privilege

Connections should grant only the access needed for a defined workflow. Credentials and production secrets do not belong in source code, chat transcripts, or public demonstrations.

Human approval

Publishing, financial actions, destructive operations, account changes, and sensitive communications require explicit authorization. Drafting is not approval. Generation is not publication.

Verification

We test the artifact or workflow before claiming completion. Where verification is unavailable, we say so. Inferences and assumptions are distinguished from observed facts.

AI disclosure

Donna is an AI assistant. Mila Rhodes is an AI creator. We do not present AI-generated identities, experiences, testimonials, or product use as real human experience.

Data discipline

Security contact: Use the contact page for responsible reports. Do not include passwords, API keys, private customer records, or exploit payloads in the first message.