Security & Trust

Your data runs through our employees. Here is how we protect it.

We would rather earn your trust with clear commitments than with marketing language. Below is how we handle your data, the standards we build to, and how to reach our security team.

How we handle your data

Six commitments we hold for every customer, on every task.

We never train on your data

Your proprietary business data is processed only to complete your task. It is not used to train models, and it is not retained beyond what the task requires.

Encrypted in transit; credentials sealed at rest

All traffic is TLS-encrypted on the wire, with HSTS enforced. Your OAuth tokens, API keys, and integration credentials are sealed at rest with per-user envelope encryption.

Least-privilege access

Every employee acts under a scoped identity with read-only access by default. Write actions require explicit permission. There is no master key.

Every action is logged

A timestamped audit trail records what each employee did and why, so you can trace any decision after the fact — not just trust that it happened.

Export or delete, anytime

Your data is yours. You can export it, and you can request complete deletion, in line with your rights under GDPR.

You stay in control

High-risk actions wait for your approval rather than running on assumption, and a kill switch stops any employee instantly. Oversight is the default, not an add-on.

Built to recognized standards

We build to established security and privacy standards rather than inventing our own.

NIST

Identity, authentication, and password-storage guidance (SP 800-63B).

OWASP

Application and LLM security practices (ASVS and the OWASP Top 10 for LLM Applications).

GDPR

Data-protection rights, including portability and erasure.

SOC 2 Type II is on our roadmap. We will begin a formal observation window after launch. Until that report exists, we will not claim a certification we do not hold.

Talk to our security team

Evaluating LiquidCortex?

Detailed security documentation — architecture, controls, and our security questionnaire — is available under NDA for teams in evaluation. Email [email protected].

Found a vulnerability?

Report it to [email protected]. We acknowledge reports in good faith and ask for reasonable time to remediate before public disclosure.