Security
How we protect your data and access.
Passwordless authentication
Sign-in uses one-time email codes — there are no passwords to be phished, reused, or leaked. Codes are short-lived and single-use.
Per-account isolation
Every connection, topic, document, and conversation belongs to the account that created it and is only accessible to that account. Document embeddings are stored in a per-topic collection.
Credential handling
Connection credentials are stored to query your sources and are injected into requests server-side — they are never exposed to the language model or placed into prompts. For tool-based connectors, secrets are merged into each call on the server rather than routed through the AI.
Encryption in transit
Traffic to the application and to your data sources is served over TLS. Managed databases, object storage, and vector search are accessed over encrypted connections.
Least-privilege by design
Topics let you expose only the specific tables a question needs, and the agent is built to read and analyze rather than modify. We recommend connecting with read-only, least-privilege credentials.
Reporting an issue
Found a vulnerability? Please reach out via our contact page so we can investigate promptly. We appreciate responsible disclosure.