Wayfinder Security Statement
Published: May 21, 2026
Wayfinder is an AI-enabled learning operations platform built to help organizations create, govern, deliver, and measure training. Security matters because Wayfinder can contain customer learning content, learner activity, tenant documentation, integration credentials, billing references, AI workflow context, and administrative records.
This Security Statement describes Wayfinder's current security posture and the controls Robbclan uses or expects for production operation. It is a public summary, not an audit report, certification, penetration-test report, security addendum, or guarantee that no incident can occur.
1. Security Principles
Robbclan's security approach for Wayfinder is guided by the following principles:
- Tenant boundaries matter. Customer content, audience access, personal context, administrator controls, and cross-tenant operations should be constrained by role and tenant scope.
- High-risk operations require stronger controls. Maintenance backups, platform administration, billing configuration, trusted access, integrations, authentication, and privacy operations receive additional guardrails.
- Security should be visible in product behavior. Role permissions, secure defaults, warnings, audit paths, retention workflows, and privacy notices are part of the operating model.
- AI does not remove review responsibility. AI-generated learning content and AI-assisted workflows still require customer review, source judgment, and access-control discipline.
- Transparency beats theater. Robbclan will not claim certifications, hosting controls, or assurance results that have not been completed and approved for publication.
2. Application and Access Security
2.1 Authentication and Account Controls
Wayfinder supports account authentication and administrative access controls designed for a multi-role learning platform. Security-relevant account features include:
- role-based authorization for System Admin, Tenant Admin, Editor, Instructor, Manager, Coordinator, and Learner workflows;
- tenant-aware access checks and audience controls for internal, customer, and partner learning experiences;
- multi-factor authentication options where configured, including passkey/WebAuthn flows;
- session handling and production cookie-security settings;
- login, MFA, and passkey attempt throttling intended to reduce credential-abuse risk; and
- generic authentication failure handling that avoids unnecessary account-enumeration clues.
Customers remain responsible for choosing administrators carefully, removing access when it is no longer needed, protecting credentials and tokens, and configuring identity or trusted-access integrations appropriately.
2.2 Trusted Access, APIs, MCP, and Agent Interfaces
Wayfinder may be accessed through browser workflows, APIs, trusted-access flows, MCP tools, MCP-UI resources, and AI assistants. These interfaces are governed by authorization, tenant scope, tool permissions, credentials, tokens, and feature-specific controls.
Security controls and expectations include:
- tenant matching and role restrictions for trusted-access ticket flows;
- origin and signing controls for trusted-access integration patterns where configured;
- structured tool access rather than scraping for MCP-enabled workflows;
- customer responsibility for safeguarding bearer tokens, shared secrets, signing keys, assistant credentials, and integration scopes; and
- human approval and review controls for workflows where Wayfinder is configured to require them.
2.3 Browser and Request Hardening
Wayfinder includes browser-facing request and response hardening in the application and production deployment guidance. Current controls include:
- cross-site request protections and security-sensitive session handling;
- response security headers for selected browser protections;
- host trust controls for production-like deployments when configured;
- startup warnings for production-like deployments missing important security settings; and
- a production recommendation that public traffic enter through a trusted reverse proxy using HTTPS rather than an exposed application container port.
3. Tenant Isolation and Authorization
Wayfinder is designed around tenant scope and role permissions. Tenant isolation and authorization controls are intended to:
- restrict tenant-managed content and user administration to authorized roles;
- keep platform-level administration separate from tenant-level administration;
- limit personal context and personal MCP functions to authorized users;
- prevent customer and partner audiences from seeing internal-only content where configured; and
- require renewed approval or equivalent controls for sensitive cross-tenant account changes.
Customers should configure roles, audience selections, documentation scopes, trusted-access integrations, and course visibility rules with least privilege in mind.
4. Data Protection and Privacy Operations
4.1 Customer Content and Privacy Controls
Wayfinder may store or process customer learning content, documentation snapshots, media, course packages, learner progress, presentation submissions, Course Coach activity, SME interview content, support tickets, tenant templates, and context portfolios. The Wayfinder Privacy Policy and customer agreements describe privacy roles and data handling at a higher level.
Feature-specific controls may include tenant-scoped Coach privacy settings, data export and deletion workflows, retention jobs, owner-only personal context boundaries, and audience-based document access choices.
4.2 Retention and Deletion
Wayfinder includes retention-oriented operational hooks and settings for categories such as backups, privacy exports, completed privacy requests, audit logs, expired sessions, and certain feature-specific records. Production retention choices should be documented and operated consistently with customer agreements, privacy notices, legal obligations, backup procedures, and security needs.
4.3 Payment Scope
Wayfinder is designed to store payment-provider references and billing state rather than raw card numbers in the application. Card processing and payment data flows may involve a payment provider such as Finix and must be configured with appropriate webhook authentication and signing controls.
5. Data Security Controls
5.1 Upload and Content Handling
Wayfinder accepts uploaded media, course packages, documentation, branding files, context files, and learner submissions through selected features. Upload-related hardening includes bounded upload handling and configured size limits to reduce resource-exhaustion risk.
Customers should upload only content they are authorized to use and should apply their own content-governance controls for source documents, learner submissions, media, and integrations.
5.2 Backups and Maintenance Artifacts
Maintenance operations are treated as high-risk. Current production guidance and controls include:
- restricting maintenance backup download access to System Admin workflows;
- excluding sensitive local key material, sessions, login challenges, passkey flow artifacts, prior backup archives, and update bundles from full backup archives by default;
- keeping backup retention and deletion practices documented;
- reviewing maintenance audit trails for backup creation and download events; and
- protecting maintenance artifacts from broad tenant-admin access.
5.3 Secrets and Configuration
Production operation is expected to use managed secrets and security configuration, including application secret keys, payment-provider secrets, LLM/API credentials, SMTP credentials, trusted-access secrets, runner tokens, webhook secrets, trusted hosts, secure cookies, and reverse-proxy/TLS configuration.
Robbclan and customers should avoid placing live secrets in source repositories, documentation samples, browser URLs, support tickets, or unapproved assistant prompts.
6. AI and Integration Security
6.1 AI Workflows
Wayfinder AI workflows may process prompts, source excerpts, role/task analysis, documentation, learner answers for Coach evaluation, and other content needed to deliver the requested feature. AI security depends on:
- limiting unnecessary sensitive data in prompts and source materials;
- reviewing generated outputs before use in high-impact training or operational contexts;
- selecting and configuring model providers appropriately; and
- protecting prompt sources, integration scopes, customer content, and reviewer permissions.
6.2 Documentation and External Integrations
Documentation connectors and external integrations can expand the data Wayfinder can access. Customers are responsible for:
- granting least-privilege integration permissions;
- selecting documentation sources appropriate to internal, partner, and customer audiences;
- protecting API keys, tokens, secrets, and credentials;
- reviewing third-party privacy and security practices; and
- revoking or rotating credentials when access changes.
7. Monitoring, Logging, and Operational Response
Wayfinder uses logs, audit records, support workflows, startup warnings, and administrative controls to support operations and investigations. Logging and retention should be configured to support security review without exposing secrets unnecessarily.
Robbclan maintains processes to review issues, support reports, security-sensitive behavior, and production readiness. Customers should report suspected account compromise, tenant-boundary concerns, billing-security concerns, and integration-secret exposure promptly.
8. Vulnerability Reporting
Security concerns should be reported to:
- Security contact: security@robbclan.com
- Backup contact: legal@robbclan.com
Please include enough detail to reproduce or understand the issue, including affected URLs, tenant context if relevant, screenshots or request IDs where safe, and steps to reproduce. Do not include live credentials, payment card data, unnecessary personal data, or exploit payloads beyond what is needed to explain the issue.
Robbclan will review reports in good faith and prioritize issues based on severity, exploitability, customer impact, and operational risk. A separate coordinated-disclosure policy may be published later if Robbclan establishes a formal vulnerability-disclosure program.
9. Customer Security Responsibilities
Wayfinder security is shared with customers. Customers should:
- assign administrator access on a need-to-use basis;
- use strong authentication and MFA/passkeys where appropriate;
- safeguard passwords, tokens, API keys, HMAC secrets, trusted-access credentials, and MCP bearer tokens;
- configure documentation and AI integrations with least privilege;
- review AI-generated training content before relying on it;
- classify and govern uploaded source documents and learner submissions;
- keep audience, course visibility, tenant, and role configuration aligned with business intent;
- notify Robbclan of suspected security incidents affecting Wayfinder access; and
- complete their own risk, privacy, procurement, and compliance review before using Wayfinder for regulated or high-impact workflows.
10. Compliance and Assurance
Wayfinder security work may be informed by established security principles and customer procurement expectations. Unless Robbclan publishes a specific attestation or contract term, this Security Statement does not mean that Wayfinder is certified under SOC 2, ISO 27001, PCI DSS, HIPAA, FedRAMP, or another formal assurance framework.
Security questionnaires, architecture discussions, data processing terms, or customer-specific security requirements may be handled through Sales or the security contact where appropriate.
11. Related Documents
This statement should be read with:
- the Wayfinder Platform Subscription Agreement;
- the Wayfinder Privacy Policy;
- any Order, DPA, security addendum, or customer-specific statement of work;
- product notices for features such as Course Coach privacy; and
- production deployment and administrator guidance supplied to authorized operators.
12. Changes to This Statement
Robbclan may update this Security Statement as Wayfinder, its infrastructure, or its security program evolves. Updated statements should reflect controls that are current and approved for publication at the time of posting.