nicool.ai logo
nicool.aiDocumentation

Security

How nicoolAI handles access, memory, linked accounts, and situations where it should refuse or escalate.

Security in nicoolAI is mostly about boundaries, not theater.

The standard is simple: know who is allowed to do what, know what the system can touch, and default to restraint when the answer is unclear.

The important questions are:

  1. Who is allowed to access what?
  2. What does the system remember?
  3. What can it do on my behalf?
  4. What happens when the system is unsure?

Access is scoped, not assumed

nicoolAI should not treat every conversation as equally privileged.

Access depends on identity, role, and context. In practice, that means:

  • some capabilities are broadly available
  • some capabilities are restricted
  • if access cannot be confirmed, the system should refuse rather than guess

It should fail closed

When access is unclear, the correct response is to do less, not more.

Practically, that means:

  • restricted skills should not appear by accident
  • missing permissions should block actions
  • unclear access should produce a denial or a narrower response

Connected systems must be explicit

Connectors expand what nicoolAI can do, but only after the relevant account or workspace has been connected.

The core distinction is:

  • channels let you talk to nicoolAI
  • connectors let nicoolAI act in another system

Without a connector, nicoolAI may still advise or draft, but it should not pretend it can complete the action.

Memory should support continuity, not overreach

nicoolAI keeps lightweight memory so conversations do not restart from zero every time.

In practice, that usually means:

  • stable facts that are worth remembering
  • recent context from ongoing conversations
  • concise summaries rather than raw everything-forever history

The right user expectation is continuity with boundaries, not omniscience.

Escalation is part of the safety model

Not every request should be handled automatically.

When a request is sensitive, ambiguous, or needs human judgment, nicoolAI should:

  • ask for clarification
  • stop short of acting
  • prepare a clean escalation when needed

That is not just a support feature. It is part of how the system stays trustworthy.

Channel and workspace boundaries matter

The setting of the conversation also matters.

Examples:

  • a personal message is not the same as a Slack thread in a workspace
  • a linked account is not the same as an anonymous interaction
  • workspace permissions affect what Slack-based actions are possible

Those boundaries explain why some features are available in one place and not another.

What a user should be able to trust

  • nicoolAI only uses systems that have been explicitly connected.
  • Some capabilities are restricted by role and context.
  • If access is unclear, nicoolAI should refuse rather than overreach.
  • If a request needs human judgment, nicoolAI should escalate.

Personal email integration

What the planned personal email connector is for, and how it differs from the live [email protected] email channel.

Troubleshooting

Common nicoolAI failure modes explained in plain language, with the shortest useful recovery step.

On this page

Access is scoped, not assumedIt should fail closedConnected systems must be explicitMemory should support continuity, not overreachEscalation is part of the safety modelChannel and workspace boundaries matterWhat a user should be able to trustRelated pages