Security, Privacy & Architecture Overview
Last Updated: March 2026
1. Core Architecture (The "Stateless" Defense)
- Ephemeral Processing: Our AI agent operates on a stateless architecture. It processes the Document Object Model (DOM) of the target application in real time within an ephemeral container.
- Zero-Retention Policy: Once a navigation session is complete, the browser context is destroyed. We do not persist screenshots, session tokens, or PII (Personally Identifiable Information) after the session ends.
2. AI Model Privacy (The "No-Training" Guarantee)
- Enterprise APIs: We utilize the commercial API tier of OpenAI, Anthropic, and Google Gemini.
- Data Segregation: In accordance with provider policies, data processed via these APIs is contractually exempt from model training. Your proprietary data will never be used to train public models.
3. Data Security
- Encryption: All data in transit is encrypted via TLS 1.2+. API keys and credentials are encrypted at rest using AES-256 (AWS KMS or equivalent).
- PII Redaction: We implement client-side regex filtering to detect and redact sensitive fields (e.g., credit card numbers, SSNs) before data is transmitted to the LLM.
- Tenant Isolation: Our database utilizes Row Level Security (RLS) to ensure strict segregation between different teams and workspaces.
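The client-side redaction step described under PII Redaction, as an added example (this is not the product's own code): regex candidates for SSNs and card numbers are replaced with placeholder tokens, and candidate card numbers are first checked with the Luhn checksum so that order numbers and other long digit runs are left alone. The patterns, token names and sample text are constructed assumptions.

```python
import re

# Constructed patterns (assumptions, not the product's own rules).
# SSN: nnn-nn-nnnn, excluding area numbers 000, 666 and 9xx and zero groups.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Card candidate: 13 to 19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact_pii(text: str) -> tuple[str, dict[str, int]]:
    """Return the redacted text and how many values of each kind were replaced."""
    counts = {"ssn": 0, "card": 0}

    def ssn_sub(m):
        counts["ssn"] += 1
        return "[REDACTED_SSN]"

    def card_sub(m):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_ok(digits):     # only Luhn-valid runs are treated as card numbers
            counts["card"] += 1
            return "[REDACTED_CARD]"
        return m.group(0)       # leave non-card digit runs (order ids etc.) intact

    text = SSN_RE.sub(ssn_sub, text)
    text = CARD_RE.sub(card_sub, text)
    return text, counts


# Constructed sample input: a Luhn-valid test PAN, an SSN, and an order id that is not a PAN.
SAMPLE = "Card 4111 1111 1111 1111, SSN 123-45-6789, order 1234567890123"
```

Regex redaction only catches values that appear contiguously in the text and in the expected shape, so a value split across DOM nodes or formatted differently passes through; treat it as one control layer, not a guarantee.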
4. Subprocessor List (Transparency)
- AWS / Google Cloud / Vercel (USA/India): Cloud Infrastructure & Hosting.
- OpenAI / Anthropic / Google Gemini (USA): LLM Inference (Zero Data Retention enabled).
- Supabase: Identity verification and Database operations.
- Stripe (USA): Payment Processing.