Security and Data Use
WriteByte uses OAuth-backed MCP connections, keeps the public author tool surface separate from internal admin tooling, and currently runs resumable MCP sessions on a single application instance.
Public AI integrations use OAuth 2.1 authorization code + PKCE. The MCP surface validates WriteByte-issued bearer tokens for the protected resource, and users approve the connection in the browser before a host can call any author tools.
The public MCP endpoint exposes the non-admin author surface only. Internal admin triage and editorial tools live on a separate admin route and are not part of public ChatGPT or Claude packaging.
Streamable MCP session resumability is currently backed by in-memory server state. For the public v1 launch, this should run as a single instance. Durable multi-instance session storage is a later infrastructure milestone and is not claimed by the public packaging docs.
To report a security concern, email support@writebyte.orgwith the subject line "Security report". General privacy expectations are summarized on the Privacy Policy.