Security Is the Architecture

Your data belongs to you, and it stays on your server. Not a shared database, not a multi-tenant cluster. A dedicated, single-tenant deployment with isolation built into the design, not bolted on after. Here are the concrete controls.


A Dedicated Single-Tenant Deployment

Every client gets their own server, their own database bound to localhost, and their own encrypted credential store. There is no shared data pool, so cross-tenant access isn't just blocked. It's architecturally impossible.

Your deployment: your application & agents, a database bound to localhost, and an encrypted credential store. Another client: their application & agents, their own database, and their own credentials. No path connects the two.

Application and agents run under separate system users with isolated permissions. One organization's data never crosses into another's.

The Controls, in Plain Terms

Server hardening

  • TLS 1.2 and 1.3 only. Weak ciphers (RC4, DES, 3DES, NULL, EXPORT) are blocked.
  • Firewalled ports. Only what's needed is open.
  • Key-only SSH. Passwords are disabled, and repeated failed logins trigger automatic IP banning.
  • Unattended security updates, so critical patches land promptly.
  • No version disclosure, and no stack traces or internal paths in error responses.
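The TLS control above (1.2 and 1.3 only, weak cipher families blocked) is easy to state and easy to get wrong in a config file. The following Go program is an added example written for this page, not code from the product described here, which does not name its server stack; the functions `hardenedTLSConfig`, `isWeakSuite` and `auditConfig` are hypothetical names. It builds a server config restricted to TLS 1.2/1.3 with forward-secret AEAD suites, and audits any config for the families the page blocks (RC4, DES/3DES, NULL, EXPORT) plus anything Go itself marks insecure.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// weakSuiteMarkers are name fragments of the cipher families the page says are
// blocked: RC4, single/triple DES, NULL encryption and EXPORT grades.
var weakSuiteMarkers = []string{"RC4", "3DES", "_DES_", "NULL", "EXPORT"}

// isWeakSuite reports whether a suite id belongs to a blocked family, checking
// Go's own insecure list first and then the name markers above.
func isWeakSuite(id uint16) bool {
	for _, s := range tls.InsecureCipherSuites() {
		if s.ID == id {
			return true
		}
	}
	name := tls.CipherSuiteName(id)
	for _, m := range weakSuiteMarkers {
		if strings.Contains(name, m) {
			return true
		}
	}
	return false
}

// hardenedTLSConfig accepts only TLS 1.2 and 1.3. The suite list applies to
// TLS 1.2 handshakes; TLS 1.3 suites are fixed by the library (all AEAD).
func hardenedTLSConfig() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		MaxVersion: tls.VersionTLS13,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		},
	}
}

// auditConfig lists policy violations in a config: a minimum version below
// TLS 1.2, or any weak suite left enabled.
func auditConfig(c *tls.Config) []string {
	var problems []string
	if c.MinVersion < tls.VersionTLS12 {
		problems = append(problems, "MinVersion below TLS 1.2")
	}
	for _, id := range c.CipherSuites {
		if isWeakSuite(id) {
			problems = append(problems, "weak suite enabled: "+tls.CipherSuiteName(id))
		}
	}
	return problems
}

func main() {
	fmt.Println("hardened:", auditConfig(hardenedTLSConfig()))
	// A constructed legacy config of the kind the hardening step replaces.
	legacy := &tls.Config{
		MinVersion:   tls.VersionTLS10,
		CipherSuites: []uint16{tls.TLS_RSA_WITH_RC4_128_SHA, tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA},
	}
	fmt.Println("legacy:", auditConfig(legacy))
}
```

Running `auditConfig` against a config loaded at startup, and refusing to listen if it returns anything, turns the bullet point into an enforced invariant rather than a one-time review.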

Data handling

We do not access, use, or retain your data.

  • Your data never trains a model.
  • No analysis or aggregation of your conversations.
  • Calls to model providers go directly to the provider and back, not through us.
  • Server access only for maintenance or support, and only with your knowledge.

Credentials

  • Encrypted at rest with AES-256-GCM before they ever touch the database.
  • Accessed only through a logged credentials service, every access recorded.
  • Never written to logs, never echoed, never exposed in plain text.
  • Automated leak detection scans logs, memory, and documents for accidentally exposed secrets.
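The credential controls above fit together as one small service: encrypt before the row reaches the database, record every read, and keep the secret out of the log. The Go program below is an added example for this page, not the product's own credentials service (whose implementation the page does not show); `CredentialStore`, `accessEvent` and `leaked` are hypothetical names, and the key, credential id and secret value are constructed sample data. It seals each secret with AES-256-GCM under a fresh nonce, binds the credential id as associated data so a row copied under another id fails to decrypt, logs each access without the secret, and runs the page's leak check over the resulting log lines.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
	"time"
)

// accessEvent is one line of the credentials-service audit log: who read
// which credential, when, and with what outcome. There is no field for the secret.
type accessEvent struct {
	At      time.Time
	Actor   string
	CredID  string
	Outcome string
}

// CredentialStore holds ciphertext rows only. The key stays in memory, never
// in the database, so a database dump yields nothing usable on its own.
type CredentialStore struct {
	aead cipher.AEAD
	rows map[string][]byte // credential id -> nonce || ciphertext
	log  []accessEvent
}

// NewCredentialStore requires a 32-byte key, i.e. AES-256.
func NewCredentialStore(key []byte) (*CredentialStore, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256-GCM requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &CredentialStore{aead: aead, rows: map[string][]byte{}}, nil
}

// Put encrypts the secret with a random nonce and the credential id as
// associated data, storing nonce||ciphertext as the row value.
func (s *CredentialStore) Put(id string, secret []byte) error {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	s.rows[id] = s.aead.Seal(nonce, nonce, secret, []byte(id))
	return nil
}

// Get decrypts on behalf of an actor and records the attempt whether or not it succeeds.
func (s *CredentialStore) Get(actor, id string) ([]byte, error) {
	row, ok := s.rows[id]
	if !ok {
		s.record(actor, id, "missing")
		return nil, errors.New("no such credential")
	}
	n := s.aead.NonceSize()
	if len(row) < n {
		s.record(actor, id, "corrupt")
		return nil, errors.New("corrupt row")
	}
	pt, err := s.aead.Open(nil, row[:n], row[n:], []byte(id))
	if err != nil {
		s.record(actor, id, "auth-failed")
		return nil, err
	}
	s.record(actor, id, "ok")
	return pt, nil
}

func (s *CredentialStore) record(actor, id, outcome string) {
	s.log = append(s.log, accessEvent{time.Now(), actor, id, outcome})
}

// AuditLines renders the access log as it would be written to disk.
func (s *CredentialStore) AuditLines() []string {
	out := make([]string, 0, len(s.log))
	for _, e := range s.log {
		out = append(out, fmt.Sprintf("%s actor=%s cred=%s outcome=%s",
			e.At.UTC().Format(time.RFC3339), e.Actor, e.CredID, e.Outcome))
	}
	return out
}

// leaked is the leak-detection check: true if any line carries the plaintext.
func leaked(lines []string, secret string) bool {
	for _, l := range lines {
		if strings.Contains(l, secret) {
			return true
		}
	}
	return false
}

func main() {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	s, _ := NewCredentialStore(key)
	_ = s.Put("provider-api-key", []byte("sk-constructed-sample")) // constructed, not a real key
	_, _ = s.Get("agent-7", "provider-api-key")
	for _, l := range s.AuditLines() {
		fmt.Println(l)
	}
	fmt.Println("secret in log:", leaked(s.AuditLines(), "sk-constructed-sample"))
}
```

Using the credential id as associated data is the detail worth copying: it costs nothing and means a ciphertext row moved or duplicated in the database cannot be decrypted under any other id.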

A Continuous Security Loop

Every deployment runs an automated security loop with three phases: offensive scanning, defensive monitoring, and a full audit pass. It runs nightly and again after every deploy, so issues surface immediately instead of waiting for the next cycle.

Offensive

Probe for weakness

Looks for leaked secrets, injection surfaces, over-privileged access, tampered code, poisoned memory, and exposed endpoints.

Defensive

Watch for drift

Monitors dependency vulnerabilities, configuration drift, behavioral anomalies, audit-log integrity, and the external perimeter.

Audit

Verify and report

Confirms the loop ran completely, scores its integrity, and compiles a report with any escalations.

External perimeter checks

Certificate health and expiry monitoring, protocol and cipher validation, and DNS security records (SPF, DMARC, CAA).
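The external perimeter checks above are mechanical enough to script. The Go program below is an added example for this page, not the product's own monitoring tooling (which the page deliberately does not name); `certStatus`, `dnsFindings` and the helpers are hypothetical names, and the certificate and DNS records it checks are constructed inline. It classifies a certificate against an expiry-warning threshold, and escalates a domain whose SPF is missing or soft-fail, whose DMARC policy is absent or `p=none`, or that has no CAA record.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// certStatus classifies a certificate at time now, warning when fewer than
// warnDays of validity remain.
func certStatus(cert *x509.Certificate, now time.Time, warnDays int) string {
	if now.Before(cert.NotBefore) {
		return "not-yet-valid"
	}
	left := cert.NotAfter.Sub(now)
	switch {
	case left <= 0:
		return "expired"
	case left < time.Duration(warnDays)*24*time.Hour:
		return "expiring-soon"
	}
	return "ok"
}

// spfIsStrict requires exactly one v=spf1 record (two is a syntax error for
// receivers) that ends in a hard fail (-all).
func spfIsStrict(apexTXT []string) bool {
	count, strict := 0, false
	for _, r := range apexTXT {
		if strings.HasPrefix(r, "v=spf1") {
			count++
			strict = strings.HasSuffix(strings.TrimSpace(r), "-all")
		}
	}
	return count == 1 && strict
}

// dmarcPolicy returns the p= tag of the v=DMARC1 record at _dmarc.<domain>, or "".
func dmarcPolicy(dmarcTXT []string) string {
	for _, r := range dmarcTXT {
		if !strings.HasPrefix(r, "v=DMARC1") {
			continue
		}
		for _, tag := range strings.Split(r, ";") {
			if tag = strings.TrimSpace(tag); strings.HasPrefix(tag, "p=") {
				return strings.TrimPrefix(tag, "p=")
			}
		}
	}
	return ""
}

// dnsFindings lists what the perimeter check would escalate for a domain.
func dnsFindings(apexTXT, dmarcTXT, caa []string) []string {
	var f []string
	if !spfIsStrict(apexTXT) {
		f = append(f, "SPF missing, duplicated, or not -all")
	}
	switch p := dmarcPolicy(dmarcTXT); p {
	case "reject", "quarantine":
	case "":
		f = append(f, "no DMARC record")
	default:
		f = append(f, "DMARC policy is p="+p+", not reject/quarantine")
	}
	if len(caa) == 0 {
		f = append(f, "no CAA record: any CA may issue")
	}
	return f
}

// selfSignedCert builds a throwaway certificate with the given lifetime so the
// expiry check can run offline. Constructed test material, not a real cert.
func selfSignedCert(notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example.test"},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	now := time.Now()
	cert, _ := selfSignedCert(now.Add(-24*time.Hour), now.Add(10*24*time.Hour))
	fmt.Println("cert:", certStatus(cert, now, 14))
	fmt.Println("dns:", dnsFindings(
		[]string{"v=spf1 include:_spf.example.test ~all"},
		[]string{"v=DMARC1; p=none"},
		nil))
}
```

In a nightly run the inputs would come from a real TLS handshake and TXT/CAA lookups; the classification logic is the same.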

Zero-trust posture

Finite session lifetimes, no wildcard permissions, credential-access logging, and alerts on dormant agents or stale credentials.

We describe the model and the coverage here, not the specific tooling.


The Content-Safety Perimeter

Agents read files and fetch URLs. Every one of them passes through a safety perimeter before, during, and after it touches a language model. Nothing untrusted reaches the model unscreened, and nothing leaves without a final check.

Ingestion scan (hash, type, allowlist, AV) → Prompt-injection guard (untrusted text wrapped) → Model (processes it) → Egress guard (blocks SSRF, enforces allowlist) → Handoff check (final gate)

Every inbound file is scanned, and files that fail the scan are quarantined. Outbound requests are blocked from reaching private addresses, and a provenance record traces every file from source to destination.
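The egress guard in the pipeline above does two things at once: it enforces a host allowlist, and it refuses any destination that resolves to a private, loopback or link-local address. The Go program below is an added example for this page, not the product's own egress guard; `EgressGuard`, `isInternal` and `constructedResolver` are hypothetical names, and the hostnames and addresses are constructed (TEST-NET and RFC 1918 ranges). It goes slightly beyond the page's one sentence in that it checks every resolved address, so an allowlisted host that returns a mix of public and internal records is still refused, which is the case a plain hostname allowlist misses.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Resolver maps a hostname to its addresses. It is injected so the guard can
// be exercised offline; production would wrap net.DefaultResolver.LookupIPAddr.
type Resolver func(host string) ([]net.IP, error)

// EgressGuard decides whether an agent-initiated fetch may proceed.
type EgressGuard struct {
	AllowedHosts map[string]bool // exact lowercase hostnames an agent may fetch from
	Resolve      Resolver
}

// isInternal is true for addresses that agent-fetched URLs must never reach:
// loopback, RFC 1918 private, link-local, unspecified and multicast, including
// their IPv4-mapped IPv6 forms.
func isInternal(ip net.IP) bool {
	if v4 := ip.To4(); v4 != nil {
		ip = v4
	}
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsMulticast() || ip.IsUnspecified()
}

// Check returns nil if the URL may be fetched, otherwise the reason it was blocked.
func (g EgressGuard) Check(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("scheme %q not permitted", u.Scheme)
	}
	host := strings.ToLower(u.Hostname())
	if host == "" {
		return errors.New("empty host")
	}
	if !g.AllowedHosts[host] {
		return fmt.Errorf("host %q not on allowlist", host)
	}
	// A literal IP is checked directly; a name is resolved and every record checked.
	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip}
	} else if ips, err = g.Resolve(host); err != nil {
		return fmt.Errorf("resolving %q: %w", host, err)
	}
	for _, ip := range ips {
		if isInternal(ip) {
			return fmt.Errorf("host %q resolves to internal address %s", host, ip)
		}
	}
	return nil
}

// constructedResolver stands in for DNS with a fixed table of sample records.
func constructedResolver(host string) ([]net.IP, error) {
	table := map[string][]net.IP{
		"docs.example.test":     {net.ParseIP("203.0.113.10")},
		"intranet.example.test": {net.ParseIP("203.0.113.11"), net.ParseIP("10.0.0.5")},
	}
	if ips, ok := table[host]; ok {
		return ips, nil
	}
	return nil, errors.New("no such host")
}

func main() {
	g := EgressGuard{
		AllowedHosts: map[string]bool{"docs.example.test": true, "intranet.example.test": true},
		Resolve:      constructedResolver,
	}
	for _, u := range []string{
		"https://docs.example.test/page",
		"https://intranet.example.test/",
		"http://10.0.0.1/",
		"file:///etc/hosts",
		"https://other.example.test/",
	} {
		fmt.Printf("%-34s -> %v\n", u, g.Check(u))
	}
}
```

The remaining gap a practitioner should know about is time-of-check versus time-of-use: the HTTP client must connect to the addresses the guard checked, not re-resolve the name, which in Go means supplying a custom `DialContext` that pins the vetted IP.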

Governance, Response & Recovery

Severity tiers and response times

  • Critical: contained and patched on sight. We don't wait for business hours. Response: immediate.
  • High: investigated and a fix planned. Response: within 24h.
  • Medium: triaged and scheduled. Response: this week.
  • Low: bundled into routine maintenance. Response: next window.

Human approval is required before any high-impact action. Every action is recorded in an audit log, and continuous auditing catches anything that tries to bypass the governed path.

Backups and recovery

  • Full-server snapshots for complete recovery.
  • Daily, weekly, and monthly database backups, stored separately.
  • Recovery in minutes for restarts, hours for full rebuilds.

Breach notification

In the event of a security breach, we commit to notifying affected clients within 72 hours.

Choose your data residency

Pick where your server is hosted. Regions include Europe (Germany, Finland), US East (Virginia), US West (Oregon), and Asia Pacific (Singapore). Custom arrangements are available on request.

Trusted Providers

We integrate with providers who maintain strong data practices, and we keep the list short and transparent.

Providers: Anthropic, OpenAI, Google, AWS, Cloudflare, Stripe.

  • Anthropic does not train models on API data.
  • OpenAI does not train models on API data by default.
  • Your hosting region is provided by an infrastructure partner subject to the data regulations of your chosen region.
  • Stripe handles billing, with no card data stored on your server.

You Own It, and You Can Leave

Everything you build is yours: agents, skills, recipes, automations, documents, and data. Ask your agent to export it all as a zip, anytime. The underlying orchestration and control-plane platform that runs the fleet stays proprietary, and we're upfront about that.


We lead with concrete controls because they're strong on their own, and we don't overstate what we haven't earned.