> ## Documentation Index
> Fetch the complete documentation index at: https://docs.behaviq.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Security policies

> Configure workspace security and access policies.

Security policies control how members and integrations can use the workspace.

<img src="https://mintcdn.com/petruslabsptyltd/ZqiV5LlbuV-wxLL4/assets/enterprise-security-policies.png?fit=max&auto=format&n=ZqiV5LlbuV-wxLL4&q=85&s=eb3613348efd6ad27ca9592418373fd0" alt="The BehavIQ security policies page with allowed domains, allowed IPs, web search, and data retention." width="1024" height="1000" data-path="assets/enterprise-security-policies.png" />

## Allowed domains

Allowed domains restrict access by email domain when domain matching is enabled.

Use this when only people from approved organisation domains should join or use the workspace.

## Allowed IPs

Allowed IPs restrict API or workspace access to approved addresses or CIDR ranges where supported.

Only use IP restrictions when the organisation has stable network ranges. Mobile workforces and home networks often make strict IP rules hard to operate.

## Web search

Web search controls whether BehavIQ can use web results as extra context where the assistant supports it.

Turn this off when answers must only use internal workspace guidance and model knowledge.

## Data retention

Security policies also show the conversation retention setting and the fixed audit log window. Conversation retention is indefinite by default unless an enterprise admin chooses a finite window. See [data retention](/enterprise/data-retention) for details.
