Enterprise security. Zero compromise.
GDPR compliant, with SOC 2-aligned security practices, complete tenant isolation, and full audit trails. Your customer data never leaves your boundary.
Certifications & Standards
Industry-standard practices. Continuously monitored. Built for enterprise trust.
SOC 2 Aligned
SOC 2-aligned practices covering security, availability, and confidentiality. Formal certification in progress.
GDPR Compliant
Full compliance with EU data protection regulations. Data processing agreements available. EU data residency.
ISO 27001 Infrastructure
Infrastructure is hosted in ISO 27001-certified data centers. Internal security practices are aligned with the ISO 27001 framework.
99.9% Uptime SLA
Enterprise SLA with financial credits for downtime. Monitored 24/7 with automated failover.
Security Architecture
Built on Rust for memory safety. Designed for multi-tenant isolation from day one.
Multi-Tenant Data Isolation
Row-level security in PostgreSQL with list partitioning by project. Each tenant's data is cryptographically isolated. One tenant can never access another's catalog, conversations, or analytics.
Encryption Everywhere
TLS 1.3 for data in transit. AES-256 encryption at rest for databases and object storage. API keys hashed with Argon2. No plaintext secrets in logs or telemetry.
Full Audit Trail
Every conversation, search query, cart action, and admin change is logged to ClickHouse with timestamps, user IDs, and session context. Immutable append-only storage for compliance.
Infrastructure Security
Deployed on dedicated infrastructure with network isolation. No shared compute between tenants at the Enterprise tier. Regular penetration testing by third-party security firms.
How We Handle Your Data
Clear policies for every data category. Exportable, deletable, and always under your control.
Conversation Data
- Stored in PostgreSQL with row-level tenant isolation
- Retained per customer policy (configurable 30-365 days)
- Exportable on request in JSON/CSV format
- Deletable on demand (GDPR right to erasure)
Product Catalogs
- Ingested via encrypted channels (TLS 1.3)
- Stored in tenant-isolated database partitions
- Vector embeddings generated in isolated compute
- Never shared across tenants or used for training
Analytics Events
- Written to ClickHouse with tenant-scoped access
- Sub-second query performance on millions of events
- Behavioral signals stay within tenant boundary
- GDPR-compliant: anonymizable and deletable per user
AI Model Data
- Conversations are not used to train foundation models
- Product essences are generated per-tenant and isolated
- System prompts and tool configs stored per-project
- No cross-tenant data leakage in model context
Access Controls
Fine-grained permissions for every level of your organization. Integrate with your existing identity provider.
- SAML 2.0 and OAuth 2.0 SSO integration
- Role-based access control (RBAC) with custom roles
- API key scoping with per-key permission sets
- Session management with configurable timeouts
- IP allowlisting for admin dashboard access
- Multi-factor authentication for all admin accounts
Rust: Memory Safe by Default
Our backend is written in Rust, a language that eliminates entire categories of security vulnerabilities at compile time:
- No buffer overflows or use-after-free
- No null pointer dereferences
- No data races in concurrent code
- No garbage collector pauses
- Type system enforces correct data handling
Need to review our security posture?
We're happy to walk through our security practices, complete a security questionnaire, or schedule a call with our engineering team.