Australian-owned · Privacy Act 1988 aligned

Security you can verify

OAuth-only, approval-first, fully auditable. Cedric is built to protect your reputation, never to put it at risk.

You stay in control, every step

From the moment a review lands to the audit log, nothing happens without you.

1. Review lands: via Google OAuth
2. Cedric drafts: in your voice
3. You approve: your control point
4. Posted: to Google
5. Audit log: who, what, when

Nothing reaches Google without your approval, and every action is logged, forever.

Every claim, verifiable

Zero passwords stored

OAuth only. Your Google credentials never touch our servers.

100% approval control

Every reply is yours to approve. Autopilot only within your rules.

Full audit trail

Who approved what, when, and from where. All logged.

1-click revocation

Disconnect anytime. No lock-in, no data held hostage.

Engineered to protect

The specifics, in plain English: how Cedric actually keeps your reputation safe.

Encrypted at rest

AES-256-GCM

Your Google tokens and secrets are sealed with authenticated AES-256-GCM. The key is derived with HKDF and kept separate from the keys that sign your session; one can never unlock the other.

Encrypted in transit

TLS 1.2+

Every byte between you, Cedric, Google and our AI travels over modern TLS. Nothing about your reviews or replies moves across the wire in the clear.

Tenant isolation

Org-scoped

Every database read is filtered to your organisation before it runs. One workspace simply cannot return another's reviews, drafts or settings.

The AI boundary

Draft-only

We send a review's text and your tone settings to Claude so it can draft a reply in your voice. We don't hand over your customer list, and your data is never used to train AI models.

Least-privilege access

4 roles

Owner, admin, member, viewer: teammates get exactly the access they need. Posting, billing and settings each sit behind their own role check.

No stored passwords

OAuth 2.0

You connect Google with OAuth, so we hold a scoped, revocable token, never your password. If a token ever fails to decrypt, we refuse to fall back to anything weaker and ask you to reconnect.
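The key separation and refuse-to-fall-back behaviour described above can be sketched as follows. This is an added example, not Cedric's code; the master secret, the HKDF labels, the sealed-blob layout and the use of the organisation id as associated data are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed master secret for the demo; a real deployment loads it from a secret store.
const MASTER = Buffer.from('constructed-demo-master-secret-0123456789abcdef');

// HKDF-SHA256 with a distinct `info` label per purpose yields independent keys:
// holding one derived key gives no way to compute the other.
function deriveKey(purpose) {
  return Buffer.from(crypto.hkdfSync('sha256', MASTER, Buffer.alloc(0), purpose, 32));
}
const TOKEN_KEY = deriveKey('example/token-encryption/v1');   // hypothetical label
const SESSION_KEY = deriveKey('example/session-signing/v1');  // hypothetical label

// Seal a token: fresh 96-bit nonce per message, org id bound as associated data
// (assumption), output laid out as nonce || tag || ciphertext.
function sealToken(plaintext, orgId, key = TOKEN_KEY) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(orgId));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Open a token. Wrong key, wrong org, tampering or truncation all end in the
// same "reconnect" result; there is no weaker path to fall back to.
function openToken(sealed, orgId, key = TOKEN_KEY) {
  try {
    const raw = Buffer.from(sealed, 'base64');
    if (raw.length < 28) throw new Error('truncated blob');
    const decipher = crypto.createDecipheriv(
      'aes-256-gcm', key, raw.subarray(0, 12), { authTagLength: 16 });
    decipher.setAuthTag(raw.subarray(12, 28));
    decipher.setAAD(Buffer.from(orgId));
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return { ok: true, token: pt.toString('utf8') };
  } catch {
    return { ok: false, action: 'reconnect' };
  }
}
```

Because GCM verifies the tag before `final()` returns, a blob opened with the session key or under another organisation's id fails the same way as a corrupted one.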

Where your data lives

A short, honest list of the trusted services that help run Cedric.

Anthropic · AI reply generation · United States
Google · Review sync (OAuth) · Your account
Vercel · Application hosting · Global edge
Stripe · Billing & payments · United States
Resend · Transactional & campaign email · United States

Encrypted in transit and at rest · You can revoke access at any time

Questions, answered straight

Can Cedric post to Google without my say-so?

Only if you switch on Autopilot, and only inside the rules you set: rating thresholds, banned phrases, escalation keywords. Anything that trips a rule waits for a human. With Autopilot off, every reply is a draft until you approve it.

What exactly do you send to the AI?

The review text and your brand and tone settings, so Claude can draft a reply that sounds like you. We don't send customer contact details, and Anthropic does not train its models on data sent through its API.

Where does my data physically live?

In a managed PostgreSQL database with OAuth tokens encrypted at rest, hosted on the infrastructure listed just above. There are no hidden services in the path.

What happens if I want to leave?

Disconnect Google in one click and the token is revoked with Google on the spot, not just forgotten locally. Ask us to close your workspace and we delete your data: no lock-in, nothing held hostage.

Who on my team can do what?

You decide. Roles run from view-only up to full owner, and every sensitive action checks the user's role before it runs. Multi-location teams can also scope a member to specific locations.

Do you keep a record of changes?

Yes. Approvals, posts, connections and settings changes are written to an audit log (who did it, what changed, and when), so there's always an answer to 'who approved this?'