How RTOFlow protects your organisation's data and content
RTOFlow is built as a multi-tenant platform where each organisation operates in complete isolation from every other. Your data is never shared with, visible to, or accessible by other organisations.
Every database query is automatically scoped to your organisation. Cross-tenant data access is prevented at the infrastructure level, not just in the application code.
All generated documents, uploaded templates, and branding assets are stored in organisation-specific namespaces. No other tenant can access your files.
Every API request is validated against your authenticated user session and organisation context before any data is returned.
RTOFlow uses AI agents to assist with content generation, but these agents operate under strict constraints to ensure safety and control.
All agent-generated content requires explicit human approval before it can be used. No content is automatically published or finalised without a person reviewing and approving it.
RTOFlow implements a five-rail safety architecture that checks AI interactions at every stage. If any safety check fails, the system blocks the action by default.
Scans all input for injection attempts, harmful content, and sensitive data before it reaches the AI model.
Enforces topic boundaries and prevents the AI from being guided into off-topic or restricted conversations.
Validates that any data retrieved from the knowledge base is relevant, safe, and free from injected content.
Sandboxes any code execution with strict path restrictions, dry-run validation, and syntax checking before changes are applied.
Scans AI responses for hallucinations, personal information leakage, or policy violations before they reach users.
The system operates on a fail-closed policy: if any safety check encounters an error or timeout, the action is blocked by default.
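The fail-closed policy described above, as an added example that is not RTOFlow's own code: the `run_rails` helper, the rail names and the sample checks are hypothetical. It shows that a timeout, an exception, or anything other than an explicit pass all lead to a block.

```python
import concurrent.futures as cf
import time

def run_rails(rails, payload, timeout_s=0.5):
    """Run each rail in order; allow only if every rail returns exactly True."""
    for name, check in rails:
        pool = cf.ThreadPoolExecutor(max_workers=1)
        future = pool.submit(check, payload)
        try:
            verdict = future.result(timeout=timeout_s)
        except cf.TimeoutError:
            return False, f"{name}: timeout"            # slow check -> block
        except Exception as exc:
            return False, f"{name}: error ({type(exc).__name__})"  # crash -> block
        finally:
            pool.shutdown(wait=False)                   # do not wait on a hung check
        if verdict is not True:                         # None, "ok", 1 ... all block
            return False, f"{name}: rejected"
    return True, "all rails passed"

# Constructed sample checks (hypothetical, far simpler than real scanners).
def input_rail(p):
    return "ignore previous instructions" not in p["prompt"].lower()

def retrieval_rail(p):
    return all(d["source"] == "kb" for d in p["docs"])  # KeyError if malformed

def slow_output_rail(p):
    time.sleep(0.3)                                     # simulates a stalled scanner
    return True

def sloppy_rail(p):
    return "ok"                                         # truthy, but not an explicit pass

RAILS = [("input", input_rail), ("retrieval", retrieval_rail)]
GOOD = {"prompt": "Draft a unit outline", "docs": [{"source": "kb"}]}  # constructed

if __name__ == "__main__":
    print(run_rails(RAILS, GOOD))
    print(run_rails(RAILS, {"prompt": "hi"}))           # malformed payload
    print(run_rails([("output", slow_output_rail)], GOOD, timeout_s=0.05))
    print(run_rails([("dialog", sloppy_rail)], GOOD))
```

The comparison `verdict is not True` is the part that makes the default a block: a check that returns nothing, or a truthy value by mistake, does not count as a pass.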
RTOFlow includes an optional coding agent capability that is disabled by default. When enabled, the coding agent operates within a strict sandbox with path restrictions, supervisor review of all code patches, and mandatory human approval before any changes are applied. This feature requires explicit activation by a platform administrator.
Your data is backed up daily with point-in-time recovery capability. Backups are encrypted and stored in geographically separate locations.
Audit logs are retained for a minimum of 7 years and are immutable. Every user action, document generation, and configuration change is recorded.
All data is encrypted using TLS 1.3 in transit and AES-256 at rest. Backup data is also encrypted using strong cryptographic keys.
RTOFlow is designed to comply with Australian privacy legislation and industry requirements:
If you have questions about RTOFlow's security practices or need additional documentation for your compliance requirements, contact us at support@rtoflow.au.



| Method | Path | Description |
|---|---|---|
| GET | /api/course-builder/outlines | List all outlines for org |
| POST | /api/course-builder/outlines | Create new outline |
| GET | /api/course-builder/outlines/{id} | Get outline with sections |
| PUT | /api/course-builder/outlines/{id} | Update outline metadata |
| DELETE | /api/course-builder/outlines/{id} | Delete draft outline |
| POST | /api/course-builder/outlines/{id}/sections | Add section |
| PUT | /api/course-builder/sections/{id} | Update section |
| DELETE | /api/course-builder/sections/{id} | Soft-delete section |
| POST | /api/course-builder/outlines/{id}/reorder | Reorder sections |
| POST | /api/course-builder/outlines/{id}/generate | Start generation pipeline |
| POST | /api/course-builder/conversations | Start AI design conversation |
| GET | /api/course-builder/conversations | List conversations |
| GET | /api/course-builder/conversations/{id}/messages | Get messages |
| POST | /api/course-builder/conversations/{id}/messages | Send message (triggers AI response) |
| POST | /api/course-builder/conversations/{id}/approve | Create outline from AI conversation |
| DELETE | /api/course-builder/conversations/{id} | Delete conversation |
| POST | /api/course-builder/outlines/{id}/tga-framework | Generate TGA framework for outline |
| GET | /api/course-builder/outlines/{id}/tga-framework | Get TGA framework data |
| GET | /api/course-builder/outlines/{id}/tga-framework/export | Export TGA framework as DOCX |
| POST | /api/course-builder/outlines/{id}/tga-proposal | Generate TGA proposal from framework |
| PATCH | /api/course-builder/outlines/{id}/branding | Update branding settings |
| POST | /api/course-builder/outlines/{id}/tga-research | Trigger TGA-specific research |
| GET | /api/course-builder/outlines/{id}/tga-research | Get TGA research results |
| PATCH | /api/course-builder/outlines/{id}/tga-research | Update TGA research decisions |
course_builder — must be enabled per organisation via feature flags
course_design — conversation AI for outline design
course_design_research — TGA-specific research framework for industry/regulatory context
cost_category="setup" and track via the unified AiUsageEvent system.
app/services/course_builder_adapter.py converts CourseOutline → UnitBlueprint format for Stage C compatibility.
| Table | Description |
|---|---|
| course_outlines | Main outline with metadata, status (draft → ready → generating → completed), AQF level, audience context, quality mode, tga_proposal_enabled, and rpl_pack_enabled flags |
| course_outline_sections | Sections with learning outcomes, key topics, content type (theory/practical/assessment), complexity hint, and word targets |
| course_design_conversations | AI design chat sessions linked to org/user, with context snapshot and status tracking |
| course_design_messages | Individual messages (user/assistant/system) with interactive elements, user selections, and token usage tracking |
