Security
Built for trusted, controlled workflows
Trope is designed to keep desktop capture explicit and cloud access scoped to workspaces. We focus on permissioned access, clear boundaries, and auditability.
Security at a glance
Trope supports teams that run sensitive workflows in desktop apps and legacy systems. Our approach starts with explicit capture permissions, then scopes access to workspace membership and roles.
Permissioned capture
Capture starts when a user starts it and can be stopped at any time.
Workspace isolation
Workflow artifacts live in a workspace and access is controlled through membership and invites.
Auditability
Runs produce history and logs to support QA, coaching, and compliance needs.
Data minimization
Teams can set capture guidelines and keep highly sensitive moments out of shared workflows.
Enterprise readiness
We support security reviews with documentation and clear answers. For customers with residency requirements, we can discuss region posture (including Canada) and any relevant constraints.
Prefer a narrative overview? Read the Security overview.
See our subprocessors.
We can support vendor questionnaires and share additional security artifacts under NDA during procurement.
Enterprise claims-to-capability matrix
This matrix maps enterprise identity claims to the capability keys that are enforced in workspace navigation and backend authorization checks.
| Matrix label | Enterprise claim | Enforceable capability | Capability keys | Enforcement surface |
|---|---|---|---|---|
| Members directory visibility | Members read claims membership.capabilities.members.read | View workspace members | members.readorg.members.readworkspace.members.readcan_view_memberscan_manage_members | Members UI visibility and read-only membership APIs. |
| Membership administration | Members manage claims membership.capabilities.members.manage | Add/remove members and update member roles | members.manageorg.members.manageworkspace.members.managecan_manage_members | Member mutation controls and membership management APIs. |
| Owner transfer controls | Owner promotion claims membership.capabilities.members.promote_owner | Promote members to workspace owner | members.promote_ownermembers.promote-ownermembers.assign_ownermembers.assign-ownerorg.members.promote_ownerorg.members.promote-ownerorg.members.assign_ownerorg.members.assign-ownerworkspace.members.promote_ownerworkspace.members.promote-ownerworkspace.members.assign_ownerworkspace.members.assign-owner | Owner assignment controls and owner-promotion API checks. |
| Invite lifecycle controls | Invite claims membership.capabilities.invites.manage | Create and revoke workspace invites | invites.manageorg.invites.manageworkspace.invites.manage | Invite entry points and invite mutation API routes. |
| Audit log access | Audit claims membership.capabilities.audit.read | View workspace audit events | audit.readorg.audit.readworkspace.audit.readaudit.listorg.audit.listworkspace.audit.list | Audit navigation and audit log read routes. |
| Reports and exports visibility | Reports read claims membership.capabilities.reports.read | View reports and export history | reports.readreport.readexports.readexport.readinsights.reports.readorg.reports.readorg.report.readorg.exports.readorg.export.readorg.insights.reports.readworkspace.reports.readworkspace.report.readworkspace.exports.readworkspace.export.readworkspace.insights.reports.read | Reports navigation visibility and report bootstrap payloads. |
| Reports export operations | Reports manage claims membership.capabilities.reports.manage | Create and manage report exports | reports.managereport.manageexports.manageexport.manageexports.createexport.createinsights.reports.manageorg.reports.manageorg.report.manageorg.exports.manageorg.export.manageorg.exports.createorg.export.createorg.insights.reports.manageworkspace.reports.manageworkspace.report.manageworkspace.exports.manageworkspace.export.manageworkspace.exports.createworkspace.export.createworkspace.insights.reports.manage | Report export mutations and export lifecycle actions. |
| Workspace policy management | Settings claims membership.capabilities.settings.manage | Update workspace settings and policy controls | settings.manageorg.settings.manageworkspace.settings.managecan_manage_security_settings | Settings UI controls and settings mutation APIs. |
| Workflow governance actions | Workflow claims membership.capabilities.workflows.manage | Manage workflow lifecycle and approvals | workflows.manageworkflow.manageworkflows.updateworkflow.updateworkflows.archiveworkflow.archiveworkflows.reviewworkflow.reviewworkflows.approveworkflow.approveworkflows.shareworkflow.shareworkflows.share.manageworkflow.share.manageorg.workflows.manageorg.workflow.manageorg.workflows.updateorg.workflow.updateorg.workflows.archiveorg.workflow.archiveorg.workflows.revieworg.workflow.revieworg.workflows.approveorg.workflow.approveorg.workflows.shareorg.workflow.shareorg.workflows.share.manageorg.workflow.share.manageworkspace.workflows.manageworkspace.workflow.manageworkspace.workflows.updateworkspace.workflow.updateworkspace.workflows.archiveworkspace.workflow.archiveworkspace.workflows.reviewworkspace.workflow.reviewworkspace.workflows.approveworkspace.workflow.approveworkspace.workflows.shareworkspace.workflow.shareworkspace.workflows.share.manageworkspace.workflow.share.managecan_manage_workflowscan_manage_members | Workflow edit/review actions and workflow mutation APIs. |
| Support token operations | Support token claims membership.capabilities.support_token.manage | Issue and revoke support session tokens | support_token.managesupport_tokens.manageorg.support_token.manageorg.support_tokens.manageworkspace.support_token.manageworkspace.support_tokens.manage | Support token admin controls and token mutation APIs. |
Have security questions?
We can share a security review package and walk through your requirements with your security team.