# Security and Data Handling
URL: /security-and-data-handling
Type: concept
Description: Manage access, credentials, integrations, and uploaded files using the controls available in Stylo today.
Keywords: security, data handling, credentials, access, privacy
Three controls in Stylo decide how exposed your workspace is: who can get in, which external systems Stylo connects to, and what content you upload. This page walks through tightening each one — managing access, reviewing integration connections, and cleaning up uploaded files.

## Start with access control [#start-with-access-control]

The strongest security step in Stylo is controlling who can join the workspace and what role they receive.

From **Members**, admins can:

* Invite one person by email
* Review and revoke pending invitations
* Create join links with a preset role
* Set an optional max-use limit on a join link
* Disable a join link when it should no longer work

Use direct invitations when access should go to one known person. Use join links only when you need to onboard a group with the same role.

Join links are broader by design. Anyone with an active link can join with the assigned role until the link is disabled or reaches its usage limit.

## Choose the least powerful role that will work [#choose-the-least-powerful-role-that-will-work]

Stylo lets you assign these roles from the access workflows:

* **Viewer**
* **Agent**
* **Admin**

Use the lowest role that still supports the person's job. This matters most when you are creating invitations or join links that could be shared more widely than intended.

If you are onboarding a large group, start with **Viewer** or **Agent** unless the group truly needs settings access.

## Review pending access regularly [#review-pending-access-regularly]

Pending invitations and active join links are temporary access paths. Review them when:

* A rollout or training session is complete
* Someone no longer needs workspace access
* You sent an invite to the wrong email address
* A shared join link should stop working

Revoking an invitation blocks that invitation from being accepted later. Disabling a join link stops future use of that link.

## Understand what Stylo asks for when you connect an integration [#understand-what-stylo-asks-for-when-you-connect-an-integration]

From **Integrations**, Stylo shows providers as not installed, connected, degraded, auth expired, disconnected, or error.

Some integrations use OAuth. Others ask for an API key or a structured JSON secret in a connection dialog.

For API key based connections, the dialog asks for:

* The provider name
* The expected credential label
* One secret value, entered either as a password field or a JSON text field

Use the provider's own least-privilege credential option when you create that secret. Stylo's connection dialog does not decide the permissions of the key. The permissions come from the external system that issued it.

## Use integration status as an operational check [#use-integration-status-as-an-operational-check]

The Integrations page is the quickest place to spot connection problems that can affect AI outputs or workflow actions.

Check integration status when:

* A workflow stops pulling data from another system
* An OAuth connection needs attention
* You want to confirm whether a provider is connected before using it in Stylo

Status labels help you decide what to do next:

* **Connected** means the integration is available
* **Degraded** or **Auth Expired** means the connection needs attention
* **Disconnected** means it is not currently connected
* **Error** means the connection failed and should be reviewed

If an integration is no longer needed, remove or replace that access path from its management flow instead of leaving an unused connection in place.

## Know which integrations are available on your plan [#know-which-integrations-are-available-on-your-plan]

Some integrations are plan-gated in the current product. If a provider is locked for your workspace plan, Stylo shows the required plan before connection.

This matters for rollout planning. A missing integration may be a plan limitation, not a setup mistake.

## Upload only the file types Stylo supports [#upload-only-the-file-types-stylo-supports]

For file-upload knowledge bases, Stylo accepts these file types:

* `.pdf`
* `.docx`
* `.txt`

After upload, each file moves through a visible processing state:

* **Pending**
* **Processing**
* **Completed**
* **Error**

If a file reaches **Error**, Stylo shows the processing error on that file. Use this to decide whether to retry with a different file or remove the failed upload.

## Delete outdated files carefully [#delete-outdated-files-carefully]

Uploaded files can be deleted from the file list. The delete dialog states that this action cannot be undone.

Use deletion when:

* A file was uploaded by mistake
* The content is outdated
* The document should no longer be available in that knowledge base

Do not leave stale or duplicate files in a knowledge base if they should no longer inform retrieval.
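
A local pre-upload review covering both the accepted file types listed earlier and the duplicate-file advice in this section, as an added example that is not Stylo's own validation. It assumes you keep the source files locally; the names and contents in `sample_files` are constructed, and the content checks (PDF header, `word/document.xml` inside the ZIP, UTF-8 text) are this example's own heuristics.

```python
import hashlib
import io
import os
import zipfile

ACCEPTED = {".pdf", ".docx", ".txt"}  # file types the page lists as accepted

def content_matches(ext: str, data: bytes) -> bool:
    """True when the bytes look like what the extension claims."""
    if ext == ".pdf":
        return data.startswith(b"%PDF-")
    if ext == ".docx":  # a .docx is a ZIP archive holding word/document.xml
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return "word/document.xml" in zf.namelist()
        except zipfile.BadZipFile:
            return False
    try:  # .txt: must decode as UTF-8 and contain no NUL bytes
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return b"\x00" not in data

def review(files: dict[str, bytes]) -> dict[str, str]:
    """Verdict per file: ok, unsupported, mismatch, or duplicate of <name>."""
    first_seen: dict[str, str] = {}  # SHA-256 digest -> first file with that content
    report: dict[str, str] = {}
    for name in sorted(files):
        ext = os.path.splitext(name)[1].lower()
        digest = hashlib.sha256(files[name]).hexdigest()
        if ext not in ACCEPTED:
            report[name] = "unsupported"
        elif not content_matches(ext, files[name]):
            report[name] = "mismatch"
        elif first_seen.setdefault(digest, name) != name:
            report[name] = f"duplicate of {first_seen[digest]}"
        else:
            report[name] = "ok"
    return report

def sample_files() -> dict[str, bytes]:  # constructed names and contents
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
    pdf = b"%PDF-1.7\nconstructed sample\n"
    return {"faq.pdf": pdf, "faq_copy.pdf": pdf, "policy.docx": buf.getvalue(),
            "notes.txt": b"Refund window is 30 days.\n",
            "export.pdf": b"MZ constructed, not a PDF", "pricing.xlsx": b"PK"}
```

Calling `review(sample_files())` returns one verdict per file; anything other than `ok` is worth resolving before the file goes into a knowledge base.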

## Practical review checklist [#practical-review-checklist]

Use this sequence when you want to tighten workspace trust controls:

1. Open **Members** and review admins, pending invitations, and active join links.
2. Revoke invitations that should no longer be accepted.
3. Disable join links that were meant for temporary onboarding.
4. Open **Integrations** and review connection status for each provider.
5. Remove or update connections that are no longer valid for your team.
6. Open the **Files** tab in file-upload knowledge bases and remove outdated uploads.

## What this page doesn't cover [#what-this-page-doesnt-cover]

This page is about the controls you can see and use in the product. For storage architecture, encryption, retention, and compliance commitments, ask the Stylo team through your security review rather than inferring them from the UI.

## Related [#related]

* [Members and Access](/members-and-access)
* [Integrations](/integrations)
* [Knowledge Sync and Documents](/knowledge-sync-and-documents)