Security

Your data stays yours, by default

Isolation isn't a setting you turn on — it's how the platform is built. Every record is scoped to your organization, every action is governed by a role, channel secrets are encrypted, and the audit trail is always on. And nothing you upload is ever used to train a model.

The members-and-roles screen for an organization: each teammate sits behind a role — Owner, Team admin, Member, Viewer — and below it an audit log scoped to this organization only shows recent admin actions with who did what and when.
  • Roles, not guesswork
  • Server-enforced access
  • Audit log, this org only
  • Read-only Viewer seat

Real product surface — roles and the org-scoped audit log. Sample data shown.

No model training
Tenant-isolated
Encrypted at rest
Server-enforced RBAC
Audit-logged
Data wiped on request

How your data is protected

  • Tenant-isolated by default

    Every database query is scoped to your organization before it runs — agents, conversations, knowledge, analytics, and credentials all live behind your org boundary. Your data is never mixed with another tenant's, and there's no shared pool to opt out of.

  • Role-based access control

    Who can see what, and who can change it, follows roles — not guesswork. Members get a view-only seat by default; managing agents, knowledge, integrations, and billing each maps to an explicit permission, enforced on the server, not just hidden in the UI.

  • Encrypted channel credentials

    Bot tokens, API keys, and the secrets that connect Telegram, WhatsApp, Slack, and the rest are stored encrypted — not in plain text. Connecting a channel doesn't mean handing your keys to a logbook.

  • Everything is audit-logged

    Admin actions land in an activity feed scoped to your org — who changed an agent, who connected a channel, who updated billing, and when. When something changes, there's always a record of who did it.

  • Read-only roles for safe oversight

    Give analysts, auditors, or stakeholders a seat that can read dashboards and conversations without the power to edit, delete, or take over. The same boundary applies to Saba: it only ever sees what the person asking is already allowed to see.

  • Never trained on your data

    Your documents, conversations, and configuration are used to run your agents — and nothing else. We do not train models on your data, and you can have it wiped on request.

How isolation is enforced

Security isn't a feature you configure after the fact — it's applied on every request. Identity resolves to your organization, the boundary is enforced on each query, the action is permission-checked, and the result is recorded.

  1. Authenticate the request

    Every call carries an authenticated identity. The org it belongs to is taken from that identity — never from anything the client can set — so a request can't reach across into another organization's data.

  2. Scope to your organization

    Before any read or write runs, it's filtered by your org boundary. Data access is tenant-aware at the data layer, so isolation holds even if a higher layer slips.

  3. Check the permission

    Write actions are checked against the caller's role first. A member can't mutate what only a manager may change — the server rejects it regardless of what the interface shows.

  4. Encrypt the secrets

    Channel credentials and connection secrets are encrypted at rest, so the keys that link your bots stay protected even inside the platform.

  5. Record the action

    The change is written to your organization's audit trail, giving you a who-and-when record of every administrative action — fire-and-forget, off the critical path.

Explore other features

How your data meets AI

Answers come from your own content, not a shared brain

Cuneiform Chat is retrieval-grounded. The model is shown passages from your own documents and answers from those — your content runs your agents, and nothing else.

  • Grounded in your documents

    When a question comes in, the platform retrieves the most relevant passages from your organization's own knowledge base and gives them to the model to answer from. The model isn't drawing on some pooled corpus of everyone's data.

  • Named providers, nothing hidden

    Queries and the retrieved context are sent to commercial AI providers — OpenAI, Anthropic, and Google — to generate the reply. Those are the only model providers in the path; there is no separate, unnamed processor.

  • Not used to train models

    We process your conversation and document data solely to provide the service, and these providers operate under agreements not to train their models on customer data. We don't sell your data and we don't feed it back into model training.

  • Diagnostic trace upload is off

    The AI agent framework can upload execution traces to its vendor for debugging. We turn that off — agent runs are not shipped out to a third-party tracing service.

Sub-processor transparency

The companies in the loop, named

Most AI vendors won't tell you who else touches your data. Here are the third parties that process it on our behalf — the same list our privacy policy commits to.

AI providers

OpenAI · Anthropic · Google

Infrastructure

MongoDB Atlas · Pinecone · Firebase

Payments

Polar.sh

Payments are handled by Polar.sh as merchant of record — we never store your card details, only a transaction reference and your subscription status.

Verifiable deletion

Your data, deleted on request

Ask us to remove your organization and we purge it everywhere it lives — records across every database, cached state in Redis, every uploaded file in object storage, and your vectors in the search index. Not a soft flag: the data is gone.

Today this is fulfilled by our team on request, not a self-serve button. We delete on request — we just don't pretend it's one click yet.

Proof: radical transparency

We tell you what most won't

The strongest signal a young platform can give isn't a logo wall — it's saying out loud exactly how your data is handled, and being checkable on it.

63.6%

of AI vendors don't disclose a single third-party AI sub-processor. We name all of ours.

DataGrail, AI Vendor Data Privacy report, 2026

Proof: radical transparency

Named sub-processors, retrieval grounded in your own content, no training on your data, and deletion you can verify — the things enterprise buyers now treat as conditions of doing business.

Talk to a human

Security questions, answered

Doing a vendor review, need a Data Processing Agreement, or spotted something that looks off? Reach the team directly.

Email us[email protected]

A Data Processing Agreement is available on request.

Found a vulnerability? Report it to the same address and we'll get on it.

landing.featurePages.security.closingCta.cta.trust.eyebrow

landing.featurePages.security.closingCta.cta.trust.heading

landing.featurePages.security.closingCta.cta.trust.subheading