Skip to content

Serious security. Simply explained.

Enterprise-grade controls, clear defaults, and documentation when you need it.

Access

  • SSO — OIDC and SAML
  • Roles — Admin, Editor, Viewer
  • Invites — Add team members. Revoke immediately

Data

  • Encryption — In transit and at rest. Field-level for sensitive data
  • Hosting — Google Cloud Platform. US-Central1 default. Other regions on Enterprise
  • Secrets — GCP Secret Manager. Nothing in code
  • PII — Log redaction. Data classification

Compliance

  • GDPR-aligned — Deletion on request. Configurable retention
  • Residency — Control where data lives
  • Audit logs — Exportable. Who did what, when

Infrastructure

  • Uptime — 99.9% target. Auto-scaling. Failover
  • Threat model — Documented. Prompt injection, XSS, SSRF, exfiltration. Reviewed regularly
  • Crawler — Domain allowlists. Rate limiting. Egress controls
  • Embed — CSP. SRI. Origin validation

Trust center

Compliance / GDPR & retention

Control how long data is stored, export audit trails, and honor right-to-be-forgotten requests with tenant-level policies.

Security & SLA

Security by design: threat modeling, data isolation, configurable retention, SSO, audit logging, and clear performance SLAs with billing enforcement.

SSO (OIDC/SAML)

Configure SSO per tenant with OIDC or SAML, map roles, and keep access aligned with enterprise identity policies.

Threat model

A formal threat model documents risks like prompt injection, SSRF, and data exfiltration with controls and owner accountability.

Enterprise

Grounded AI chat with enterprise controls.

Questions about security?

We’re happy to discuss our security posture in detail. Contact us for documentation or to schedule a review.

Contact us