Security: the facts

The things a security reviewer asks, answered plainly. This page states what is true today; it is not a marketing claim.

What we defend against

  • Cross-tenant exposure: tenant identity comes only from a validated OAuth token; every query is tenant-filtered, and visibility is re-checked at the search layer.
  • Scope escalation: Personal ⊂ Team ⊂ Company visibility is enforced in the database queries and re-checked on write paths.
  • Knowledge poisoning: company-wide knowledge is never auto-created; team knowledge requires human approval; agent feedback is treated as evidence, never as a command.
  • Secret leakage: submissions are screened at write time; secrets, credentials and personal data are refused. The platform refuses to run internet-facing with that screening disabled.
  • Abuse: per-user rate limits, request size caps, and hardened HTTP timeouts.
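
The tenant filter and the Personal ⊂ Team ⊂ Company visibility rule from the list above, as an added example that is not the platform's own code. The table layout, the `Identity` shape and the use of SQLite in place of Postgres are assumptions, and the rows are constructed sample data.

```python
import sqlite3
from dataclasses import dataclass

@dataclass(frozen=True)
class Identity:
    """Claims taken from an already-validated token (hypothetical shape)."""
    tenant_id: str
    user_id: str
    team_ids: tuple

def open_demo_db():
    # Constructed rows; SQLite stands in for Postgres so the example runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE knowledge (id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL,"
               " scope TEXT NOT NULL CHECK (scope IN ('personal','team','company')),"
               " owner_id TEXT, team_id TEXT, body TEXT NOT NULL)")
    db.executemany("INSERT INTO knowledge VALUES (?,?,?,?,?,?)", [
        (1, "acme", "personal", "alice", None, "alice note"),
        (2, "acme", "personal", "bob", None, "bob note"),
        (3, "acme", "team", "bob", "sre", "sre runbook"),
        (4, "acme", "team", "bob", "sales", "sales playbook"),
        (5, "acme", "company", None, None, "acme handbook"),
        (6, "globex", "company", None, None, "globex handbook"),
    ])
    return db

def _predicate(ident):
    # Tenant and scope values come from the identity, never from request input.
    teams = list(ident.team_ids)
    # Only '?' placeholders are spliced into the SQL text; every value is bound.
    team_clause = ("team_id IN (%s)" % ",".join("?" * len(teams))) if teams else "0"
    where = ("tenant_id = ? AND (scope = 'company'"
             " OR (scope = 'team' AND " + team_clause + ")"
             " OR (scope = 'personal' AND owner_id = ?))")
    return where, [ident.tenant_id, *teams, ident.user_id]

def visible_ids(db, ident):
    """Ids the caller may read: own tenant only, then scope by membership."""
    where, params = _predicate(ident)
    sql = "SELECT id FROM knowledge WHERE " + where + " ORDER BY id"
    return [row[0] for row in db.execute(sql, params)]

def recheck(db, ident, candidate_ids):
    """Second check for ids handed back by a search index: drop unreadable ones."""
    allowed = set(visible_ids(db, ident))
    return [i for i in candidate_ids if i in allowed]
```
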

Controls in place

  • OAuth 2.1 resource server, asymmetric token validation only.
  • Append-only audit trail of every ask, submission, curation decision and denied access (tenant, user, correlation id).
  • Distributed tracing across the serving path.
  • Dependency vulnerability scanning and static analysis in CI; minimal, non-root containers.

Data handling

  • Knowledge and submissions are tenant-scoped in Postgres.
  • Full export of everything you've stored, anytime.
  • LLM subprocessors: query and submission text is processed by DeepSeek (curation, retrieval) and Voyage AI (embeddings). Bring-your-own-model options are an enterprise conversation.

Reporting a vulnerability

Contact us with details and reproduction steps; we aim to acknowledge within two business days. Please don't open public issues for security reports. (A formal disclosure policy ships with general availability.)