Security
Your data stays yours.
Always.
Security isn't a feature we bolted on. It's the foundation nous is built on.
Data Flow Architecture
Security principles
EU data residency
All processing and storage happens within EU data centers. No data leaves the EU. Full compliance with GDPR Articles 44-49 on data transfers.
End-to-end encryption
AES-256 encryption at rest, TLS 1.3 in transit. Your documents are encrypted from the moment they leave your browser until they're processed by your isolated agent.
No model training
Your documents are NEVER used to train general AI models. Full tenant isolation — your data cannot be accessed by other customers or by us without explicit authorization.
Audit logging
Every access to your knowledge base is logged. View who accessed what, when, and from where. Export logs for your compliance team.
Data deletion
Delete individual documents or your entire knowledge base at any time. Deletion is immediate from the live system. Backups are purged within 30 days.
Access control
API key authentication for all operations. Role-based access for team members. IP allowlisting available on Enterprise plans.
Compliance
GDPR
Full compliance with EU General Data Protection Regulation.
Data Processing Agreement
DPA available for Enterprise customers. Covers sub-processors and data handling.
SOC 2 Type II
Audit in progress. Expected completion Q2 2026.
ISO 27001
Certification planned for 2026.
Questions about security?
We're happy to walk through our security architecture with your team.