Security & access
Locked down by role
Access is defined per folder and cascades down. Finance, Legal, board packs and salary data stay invisible to people who shouldn't see them — enforced on the server, not just hidden in the interface. Admins see everything; everyone else sees exactly what they've been granted.
The AI can't leak what it can't see
The assistant inherits the same permissions as the person asking. When someone chats with the Codex, it can only search and read the notes they could open themselves — restricted folders never reach the model, so there is no prompt that extracts them.
Sign-in your IT team already trusts
The web wiki authenticates with Microsoft Entra (your existing work accounts). No separate user database, no extra passwords to manage, and offboarding works the way it already does in your tenant.
Changes are reviewed, and history is kept
Web edits publish through a review step, and every note has a visible change history — who changed what, when — with one-click restore. The vault itself is git-versioned, which means the audit trail is structural, not bolted on.
Your data stays yours
Notes are plain Markdown files in a vault you control. Back it up, sync it, open it in Obsidian, or leave with it — there's no export process because there's nothing to export from. That's a deliberate design decision, not a feature tier.