Security & Data Permissions
Pucho is your all-in-one platform for building smart automations, AI agents, and connected workflows — without writing a single line of code.
Whether you’re organizing your business, optimizing operations, or experimenting with AI, Pucho helps you turn ideas into working systems that think, act, and respond.
Both platforms help simplify workflows, reduce repetitive work, and introduce AI into daily operations — but they are built for very different users.
Before choosing one, it’s important to ask a simple question:
“Do I need task automation or business automation?”
This blog breaks down both tools in a balanced, side-by-side comparison so you can choose the best platform for your needs.
Security & Data Practices
At Pucho, we prioritize security at every level of our platform. Our goal is to ensure that your data, credentials, and workflows remain protected at all times through industry-standard practices and continuous monitoring.
External Systems Credentials
All third-party credentials connected to Pucho are stored using 256-bit encryption. Credentials are never retrievable by users or the system after processing—they are used only during execution, after which access is securely revoked. Sensitive information and tokens are automatically censored in logs using robust data masking to guarantee that no confidential details are ever stored or exposed.
OAuth2 Integrations
Every integration in Pucho uses OAuth2 for authentication, leveraging minimal access scopes wherever supported. This ensures secure, permission-based connections to all third-party apps and APIs.
Vulnerability Disclosure
As part of our open-innovation model, Pucho welcomes developers and security researchers to test, audit, and report vulnerabilities responsibly. Our transparent disclosure process ensures that security issues are identified and resolved promptly.
Access and Authentication
Pucho employs Role-Based Access Control (RBAC) to manage permissions across organizations, projects, and resources. Admins can assign specific roles that define who can view, edit, or execute automations, ensuring precise and auditable control.
Our Single Sign-On (SSO) integration enables users to securely access their accounts using a unified set of credentials—enhancing both convenience and security.
Comprehensive Audit Logs track all actions, user interactions, and configuration changes in real time, providing visibility and accountability across the platform.
Strict Password Policy Enforcement ensures that all user passwords meet defined length, complexity, and hashing requirements. Pucho never stores plain text passwords—only secure hashes are stored.
Privacy & Data Protection
Pucho Cloud ensures GDPR-compliant data protection. For teams opting for self-hosting, the data region fully depends on the selected infrastructure.
We encourage all users to review our Privacy Policy, which outlines how Pucho collects, stores, and protects user data in alignment with international data protection standards and privacy laws.
Project Permissions
Pucho is your all-in-one platform for building smart automations, AI agents, and connected workflows — without writing a single line of code.
Whether you’re organizing your business, optimizing operations, or experimenting with AI, Pucho helps you turn ideas into working systems that think, act, and respond.
Both platforms help simplify workflows, reduce repetitive work, and introduce AI into daily operations — but they are built for very different users.
Before choosing one, it’s important to ask a simple question:
“Do I need task automation or business automation?”
This blog breaks down both tools in a balanced, side-by-side comparison so you can choose the best platform for your needs.
Admin
Admins have complete control over project configuration, user management, and flow operations.
- View and edit flows
- Publish, enable, or disable flows
- View and retry runs
- View and resolve issues
- View and edit connections
- View and manage project members
- Add or remove project members
- Configure Git repository for flow synchronization
- Push or pull flows from the connected Git repository
Editor
Editors focus on building and maintaining flows without full administrative access.
- View and edit flows
- Publish, enable, or disable flows
- View and retry runs
- View and resolve issues
- View and edit connections
- View project members
Operator
Operators handle flow execution and issue management but do not modify flow logic.
- Publish, enable, or disable flows
- View and retry runs
- View and resolve issues
- View and edit connections
- View project members
Viewer
Viewers have read-only access to monitor the project’s performance and structure.
- View flows
- View runs
- View connections
- View project members
- View issues
Single Sign-On
Pucho supports Single Sign-On (SSO) to simplify and secure user authentication across organizations. By integrating SSO, admins can manage user access through a centralized identity provider, ensuring both convenience and compliance with enterprise-grade security standards.
Enforcing SSO
Pucho allows organizations to enforce SSO by specifying approved domains. Once configured, administrators can disable traditional email and password logins, ensuring that all authentication passes through the designated SSO provider. This approach strengthens account security and ensures consistent identity management across teams.
Within the Pucho Admin Console, you can configure:
- Allowed Domains – Restrict access to users with specific email domains. Leave empty to allow all domains.
- Google Login – Enable Google’s single sign-on functionality.
- SAML 2.0 Login – Configure SAML-based authentication for enterprise identity systems.
- Email Login – Optionally allow login through email and password if needed.
Supported SSO Providers
Pucho supports multiple SSO providers, including Google, GitHub, and SAML 2.0 systems, allowing flexible authentication based on your organization’s infrastructure.
- Go to the Google Developer Console.
- Copy the Redirect URL provided on Pucho’s configuration screen and paste it into your Google App settings.
- Enter the Client ID and Client Secret from Google into the Pucho configuration panel.
- Click Finish to complete setup.
Once configured, users will log in using their organization’s SSO provider credentials. Admins can monitor and manage all sign-ins through the Security section under Single Sign-On in the Pucho dashboard.