Built for production.
Honest about where we are.
Your retrieval surface is in the critical path of customer-facing answers. We treat the security posture that way too — explicit defaults, no marketing language, and a public commitment to publish what we don't yet have rather than imply it.
How your data is stored and protected.
- 01
Encryption in transit
TLS 1.2+ on every API endpoint. HSTS enabled on owlgraph.ai. CloudFront-fronted; no plaintext path between the client and the origin.
- 02
Encryption at rest
All tenant data + Postgres metadata stored on EBS volumes with AES-256 encryption (AWS-managed keys). Backups encrypted with the same.
- 03
Tenant isolation
Each customer database runs in its own Kubernetes namespace with its own pod + persistent volume. The API enforces per-database access checks on every request; one tenant can't read another tenant's data even with a valid API key.
- 04
Region pinning
Today: all production data is in us-east-1. EU + APAC regions are on the roadmap. If region selection is blocking, tell us — it informs ordering.
- 05
Logs + telemetry
Request metadata (timestamp, endpoint, status, user ID) is retained for 90 days for debugging and abuse prevention. Question text + retrieved passages are NOT logged in plaintext beyond the lifetime of the request. Per-database audit log (who queried what, when) is available on the Team plan and above.
Authentication, authorization, and rate limits.
- 06
Authentication
Two paths: Clerk-backed user auth for the dashboard, and per-database API keys for programmatic access. Keys are scoped to a single database, revocable instantly, and shown once at creation.
- 07
Authorization
Every database read/write is gated on (key → user → ownership). Cross-tenant access requires a deliberate transfer operation via the admin endpoint; there's no shared-state bypass.
- 08
Rate limiting
Per-key burst limits + per-tenant daily limits. The public demo endpoint has its own layered limits (per-IP daily quota, in-memory burst, global cost ceiling).
Where we are, and what we're not claiming.
SOC 2 Type I: in progress. Targeting Q3 2026 with a Type II window starting immediately after. We'll link the report here when it lands. Until then, we can share our policies, controls list, and current gap analysis under NDA — email us.
GDPR: applicable but not certified. We act as a data processor for customer data; standard SCC-based DPA available on request. Right-to-deletion is implemented for both end-user data (delete database = data gone, persistent volume reclaimed) and audit logs (manual request, 30-day SLA).
HIPAA: no BAA today. Not on the immediate roadmap. If you're a healthcare team evaluating OWLGraph, talk to us — the path is gated on demand, not on technical blockers.
How to report a security finding.
Send security findings to security@owlgraph.ai. We commit to a same-day acknowledgement and a status update within 72 hours. No formal bounty program yet — but we credit reporters in our changelog and will discuss compensation case-by-case for high-impact findings.
Please don't pen-test live customer databases. We're happy to provision a dedicated demo tenant for testing — request via the same address.
Operational posture.
- Uptime SLA: 99.9% on the Pro plan and above, with credits codified.
- Public status: owlgraph.betteruptime.com — live + incident history.
- On-call: 24/7 paging on the API + control plane.
- Disaster recovery: nightly snapshots of Postgres + every tenant volume, retained 7 days. Restore tested monthly.
- No customer data flows through third-party LLM vendors except by your explicit configuration. OWLGraph can run with self-hosted models if you bring your own endpoint.
Need a deeper review?
We can share our security questionnaire response, controls list, and vendor agreements under NDA. Most reviews take a single 30-min call.