Security

Security and manuscript privacy posture

How Wise Wombat separates public SEO content from private manuscript workspaces, reports, and app routes.

Boundary

Public content is deliberate

Wise Wombat publishes public educational and product pages for discovery. Private manuscripts are not public site content.

Marketing pages, guides, glossary entries, sample reports, demos, templates, LLM resources, and public JSON endpoints are intended to be crawlable.
Public examples are demonstration content and do not include private user manuscripts.
The sitemap, llms.txt, llms-full.txt, /ai/context.json, /ai/facts.json, and /ai/routes.json describe public site content.

Private drafts

Manuscript projects and reports belong inside the authenticated app experience, not the public sitemap.

Authenticated dashboard and manuscript project pages are not intended for public indexing.
Private manuscript reports live inside authenticated app areas rather than public marketing pages.
API, auth, dashboard, and manuscript routes are excluded from the public crawler policy.

Crawlers

The public crawler policy is intentionally different for public content, private app paths, and different AI crawlers.

General crawlers can access public pages and are disallowed from /api/, /auth/, /dashboard/, and /manuscripts/.
OAI-SearchBot and ChatGPT-User can access public pages and are disallowed from private app paths.
GPTBot is disallowed from the site.

Accounts

Wise Wombat's public claim is conservative: manuscript projects are handled through authenticated workspaces and private app routes.

Wise Wombat uses authenticated workspaces for manuscript projects.
Sessions are handled through the app authentication layer before dashboard and manuscript routes are reached.
Authors should not put private manuscript material into public support messages or public website pages.

Contact

For security questions or responsible disclosure, contact andrew@andrewmurphy.io. For policy language, see the privacy page.