Least privilege · Change logging · Secure defaults

Security Overview

We treat your client data and brand reputation as mission-critical.

1. Architecture & data flow

  • Your workspace - Automations run inside your own GoHighLevel account. We configure and maintain them; you retain full ownership.
  • Secrets management - API keys and tokens are stored in encrypted vaults with role-scoped access. They are never hard-coded or committed to source control.
  • AI usage - Any AI features we deploy on your behalf use APIs with data-processing agreements in place. Your data is never used for model training.

2. Access controls

  • Least privilege - Team members receive only the permissions required for their role. Access is reviewed quarterly.
  • Separate roles - Administrative, development, and support functions use distinct credential sets with no shared passwords.
  • Device posture enforcement - Devices accessing production systems must meet minimum security requirements including disk encryption and up-to-date OS patches.

3. Development & change management

  • Version control + peer review - All code and configuration changes go through pull requests with at least one reviewer before merging.
  • Staging environments - Changes are validated in a staging environment that mirrors production before any customer-facing deployment.
  • Rollback plans + change logs - Every deployment includes a documented rollback procedure. A full change log is maintained for audit purposes.

4. Incident response

  • 24/7 monitoring - Automated alerts detect anomalies in uptime, error rates, and data-flow integrity around the clock.
  • Defined runbooks - We maintain step-by-step incident response runbooks so issues are triaged and resolved consistently.
  • Customer notification - If an incident affects your data or service availability, we notify you promptly with a clear timeline and remediation steps.

5. Client responsibilities

Security is a shared effort. We ask that you:

  • Restrict user access - Grant GoHighLevel (GHL) sub-account access only to team members who need it, and remove access promptly when roles change.
  • Rotate credentials - Periodically rotate API keys, passwords, and integration tokens, especially after personnel changes.
  • Review AI outputs for regulated industries - If you operate in healthcare, finance, or another regulated sector, apply human review to any AI-generated content before it reaches end users.

6. Questions?

If you have security questions, concerns, or need to report a vulnerability, reach out to us directly:

security@automatethejourney.com
