ZexIA Design
ZexIA Design

Security and privacy principles

ZexIA Design separates public product pages from authenticated content operations. Private sources, drafts, settings and metrics remain inside protected app routes.

Authenticated app

Protected product workflows live under /app and require Supabase Auth. Backend API routes validate Bearer JWTs except for explicitly public operational endpoints.

Provider keys

External providers such as OpenAI, OpenRouter, ElevenLabs, Apify, Telegram and UAZAPI require environment-level credentials. Public pages must never expose secrets.

Generated assets

Some generated image, audio and video URLs are public so browsers can preview media. Filenames should not contain secrets or sensitive metadata.

Source-first funnel

What this page connects to

Sources
96
Drafts
82
Assets
70
Learnings
58
Crawlable context

Built for people and AI engines

Each public page keeps product claims in HTML, uses canonical URLs, structured data and related internal links, while visuals clarify the workflow for humans.

HTMLSchemaFAQMarkdownInternal links

Related resources

Resource hub

Find citation-ready guides, Markdown files, comparison pages and LLM context.

All features

See the complete source-first content operations feature set.

Workflow docs

Read the public source-first workflow documentation.

Frequently asked questions

Are private drafts public?

No. Drafts and app workflows are protected behind authentication. Public SEO pages should use only sanitized examples.