Multi-Layer Encryption

• AES-256 encryption at rest - All stored data is encrypted using industry-standard AES-256
• TLS 1.3 in transit - All network communications use the latest TLS protocol
• Encrypted Honey Jars - Knowledge bases remain encrypted from creation to consumption

PII Protection

• Automatic PII detection - Names, addresses, SSNs, credit cards, and more
• Pre-processing scrambling - Sensitive data is scrambled before AI sees it
• Configurable sensitivity - Adjust protection based on your needs
• Passkey-protected access - WebAuthn authentication for sensitive operations

• Complete data sovereignty - Your data never leaves your infrastructure
• Air-gap support - Run completely offline after initial install
• Zero runtime dependencies - No phone-home, no telemetry, no external calls
• Self-hosted only - You choose where your data lives
• Network isolation - Sensitive processing can be completely isolated

• WebAuthn passwordless - Modern, phishing-resistant authentication
• Passkey support - Touch ID, Face ID, Windows Hello, hardware keys
• Role-based access - Users get access to what they need
• Ory Kratos - Battle-tested identity management

• Action logging - Track what happens in your system
• Export capabilities - Get your logs in standard formats
• Local storage - Logs stay on your infrastructure