Security & Compliance

Your data stays yours. Period.

On-premise or private cloud architecture, GDPR by design, LLM inference on dedicated GPUs. No prompts to public models, no training on your documents.

Architecture & Deployment

  • Deploy on AWS (managed) or Kubernetes pods in your cluster — on-premise too when data-sovereignty matters
  • Logical multi-tenant with per-tenant isolation: each company has its own vector collection and namespace
  • LLM inference on dedicated GPU pods inside your VPC — prompts never leave your infrastructure, no calls to public models by default
  • Internal services isolated at pod/network-policy level in production (postgres, qdrant, redis, neo4j) — minimal network surface

Data protection

  • TLS 1.3 end-to-end (admin, API, widget, internal traffic via reverse proxy)
  • At-rest encryption for the PostgreSQL database and Qdrant vector volumes
  • Multi-provider LLM Vault: user API keys encrypted with AES-256-GCM derived from JWT_SECRET, one key per tenant
  • Short-lived JWT (12h) + rotating refresh tokens, 64-hex random secrets
  • Bcrypt + optional TOTP 2FA for user credentials

Transparency & observability

  • Mandatory [N] citations on every answer — no claim without a sourced document
  • Full reasoning trace: which planner, which chunks, which rerank, which critic, with timings and scores
  • Audit log per query: who, when, on which company, with which canvas
  • Shadow mode: A/B comparison between LEGACY vs V2 pipelines in production, with zero user impact

Identity & access control

  • SSO Microsoft Entra (Azure AD) and Google Workspace via OAuth 2.0 / OIDC
  • Three-level RBAC: SYSTEM_ADMIN, COMPANY_ADMIN, USER — plus topic/canvas-level permissions
  • Per-tenant API keys for server-to-server integrations, revocable
  • Rate limiting per IP and per tenant (default 500 req / 15 min)
  • CORS, Helmet, CSP and CSRF protection out of the box

Compliance

  • GDPR by design — IT/EU data residency, DPA available, right-to-be-forgotten via admin API
  • Uploaded documents remain customer property: we act as data processor only
  • Prompts and answers are NOT used for model training — inference is private
  • Anonymizable logs (anonymize_ip), Google Analytics Consent Mode v2
  • Certified verticals: Legal (Normattiva), Pharma (FDA/PubMed), Tax (Italian Tax Agency), Chemicals (ECHA/REACH)

Operations & reliability

  • Automatic daily PostgreSQL backups + on-demand pre-deploy snapshots
  • Prisma migration pipeline with explicit tracking — rollback safe on additive changes
  • Health checks on all services (backend, vLLM, Qdrant, Redis, Neo4j, external sources)
  • Emergency kill-switches for pipelines (CHAT_PLANNER_ENABLED, CHAT_CRITIC_ENABLED, INGESTION_DSL_FALLBACK_TO_LEGACY)
  • Public status page with uptime and incident history

Certifications & compliance

GDPR (EU Regulation 2016/679)
Hosting in Italian / EU datacenters
NIS2 ready (for critical sectors)
Compliant with AgID guidelines for PA cloud services

Available on request

DPA (Data Processing Agreement), Information Security Policy, detailed architecture description, penetration test results on request. For enterprise customers: custom SLAs.

Cookie Notice

We use cookies to improve your browsing experience, analyze site traffic, and personalize content. You can accept all cookies, reject them, or customize your preferences. For more information, please see our Privacy Policy and Cookie Policy.