Trust

Security at push8

Push8 connects to your n8n. That means your API key lives in our database. Here's exactly how we handle it — no jargon.

Your n8n API key

  • • Encrypted with AES-GCM using a server-only secret before it's written to the database. The database never sees the plaintext.
  • • Decrypted only in a server function, only when you push or fetch from n8n. Decryption never happens in your browser.
  • • We store the last 4 characters of the key so you can recognise which key is connected — nothing else is exposed.
  • • You can disconnect at any time from Studio → Connections; the row is hard-deleted.

Access control

  • • Every table that holds your data has row-level security scoping rows to auth.uid(). Other users — including other push8 customers — cannot read your connection, chats, or workflows.
  • • Admin tooling is gated by a separate user_roles table; admins can see waitlist/usage metadata, not your secrets.
  • • Sign-in uses Lovable Cloud auth (email + Google). Sessions are stored in your browser's local storage and refreshed via short-lived tokens.

When we proxy to n8n

  • • Push, test, and execution-status calls all go through our server. The browser never holds your n8n key.
  • • We forward only the minimum payload n8n needs (name, nodes, connections, settings) — never your other workflows.
  • • Errors from n8n are translated into plain-English hints; raw payloads are not echoed verbatim to the UI.

What we don't do

  • • We don't log your API key, your workflow execution data, or the bodies of HTTP requests your workflows make.
  • • We don't share your data with third parties for marketing.
  • • We don't train AI models on your workflows. The AI gateway we use to generate workflows is contractually no-retention.

What we do store

  • • Your account: email, display name, sign-in provider.
  • • Your chats and the workflow JSON they produced.
  • • Encrypted n8n connection (URL + ciphertext + last-4 hint).
  • • Usage counters (model + token counts) so we can enforce monthly limits — no prompt content beyond a 200-char preview for debugging.

Report a vulnerability

Found something? Email security@push8.dev with steps to reproduce. We aim to acknowledge within 48 hours and won't pursue researchers acting in good faith.

Last updated 10 July 2026.