Skip to content

Security

The agent asks first on anything that matters.

Limitless runs on a managed infrastructure model where security is our responsibility, not yours. Sensitive actions stop at an approval gate you control.

limitless://agent · accounts-payable
Pay the outstanding invoices in the vendor portal.

Plan

Open the vendor invoice portal
Match the invoice to the purchase orderPO-4471 · $8,240.00
Submit payment · $8,240.00Paused: sends money
BLOCKED · APPROVAL REQUIRED

The agent will not send a payment on its own. Nothing leaves your account until you approve this exact action.

Review & approveDeny

Approval gates

A hard stop before consequences.

The agent plans and acts freely on read-only work. The moment a step would spend money, send a message, delete data, or reach outside its working directory, it pauses and waits for you. Per-site allow and deny lists narrow this further.

Purchases and payments
Sending messages or emails
Deletions and destructive edits
Downloads and file writes
Logins and credential use
File access outside a working directory

Your device holds the secrets. The cloud only reasons.

What stays on your device

Browser session data, cookies, local logins, downloaded files, and anything you mark private in memory. These never leave your machine.

What we process in the cloud

Task instructions, the page snapshots and DOM excerpts the agent needs to reason, and its planning steps. Retention windows are configurable.

Encryption in transit (TLS 1.2+) and at rest
Traffic runs to our cloud in well-known regions
Configurable logging and retention windows
Data deletion on request

At the page level

keychain → fill(username, password)
cloud sees: login = completed
cloud sees: values = never

Credentials and keys

Your keys stay yours.

Credentials live in the OS keychain or platform-equivalent secure storage, and any provider keys you bring are held the same way. The agent fills them at the page level. They are never sent to the cloud in plaintext, so our servers only learn that a login succeeded, not the secret behind it.

Untrusted page content

A web page is data, never a command.

Treated as untrusted

Text on a page is input to reason over, not an instruction to follow. Hidden prompts do not become commands.

Action grounding

Every action must match the task you gave, not something the page asks for. Off-task moves are rejected.

Cross-site isolation

A page on one domain cannot redirect a task aimed at another. Instructions do not leak across sites.

Every action leaves a record.

01

Full run history

Each task is logged step by step, searchable, and replayable after the fact.

02

Approval log

What was requested, what you approved or denied, and when, kept alongside the run.

03

Configurable retention

Set how long logs and cloud data are kept, per your policy, in account settings.

04

Deletion on request

Ask us to remove your data and we will. Retention windows are yours to shorten.

Compliance posture

We are building toward formal certifications. We do not yet hold SOC 2 or ISO 27001. This section is updated as our posture evolves. A current list of subprocessors is available on request.

Responsible disclosure

Report vulnerabilities to security@limitlessbrowser.ai. We acknowledge reports within 48 hours, provide safe harbor for good-faith research, and publish fixes transparently.

Questions about security? Reach us at security@limitlessbrowser.ai.