EternalSelf’s public pages repeat safe messages: EU hosting, disclosure on outbound mail for Twin when applicable, and trust copy that does not belong in chat logs. Your API keys, Stripe secrets, and recovery codes belong in a password manager or deployment vault — never in email body text.
If you operate an integration, treat reader tokens and guardian flows like credentials: rotate when people change roles, and avoid sharing them in group threads “for convenience.”
Marketing vs operations
This blog explains product intent. Your organization’s security policy still wins — use it.