Built for teams who can't afford a leak.
Pressroom holds the keys to every WordPress site you operate. We treat that responsibility like the infrastructure it is.
Encryption at rest
WordPress Application Passwords are encrypted with AES-GCM and a per-environment key. They are decrypted only inside server functions.
Row-level security
Postgres RLS enforces per-workspace isolation on every query. Users can only see their workspace's data.
No plaintext secrets
Credentials are never returned to the browser. They cannot be retrieved through the API once stored.
Immutable audit log
Every publish, edit, AI run, and role change is captured with actor, timestamp, and payload diff.
Zero-retention AI
Our AI gateway has zero-retention agreements with model providers. Your content is not used for training.
Hardened infrastructure
Deployed on edge runtimes with global anycast. TLS 1.3 enforced. HSTS, CSP, and strict CORS by default.
Frameworks we align with.
We design for the controls our enterprise customers need. Reach out for our latest security overview, DPA, or pen-test summary.
Data residency & retention
Workspace data is stored in our primary US region by default, with EU residency available on Enterprise plans. We retain audit logs for the lifetime of your workspace; drafts and AI runs are retained until you delete them.
Access controls
Workspaces support admin / editor / viewer roles enforced at the database layer. Enterprise plans add SAML SSO and SCIM. All admin actions are double-logged.
Responsible disclosure
Found something? Email security@pressroom.app. We acknowledge within 24 hours and run a coordinated disclosure program.