Security
Data Isolation & Encryption
Workspace isolation · Field encryption · Key management
Isolation Layers
Encryption
| Data | Method |
|---|---|
| In transit | TLS 1.3 · legacy versions disabled · HSTS |
| At rest (full table) | AES-256 (MySQL InnoDB tablespace encryption / PostgreSQL pgcrypto; note that pgcrypto encrypts at column level, not whole tablespaces) |
| Credentials (API Key / Token) | Field-level AES-256 under a separate master key (see Master Key below) |
| File storage | Server-side encryption (SaaS) / filesystem encryption (Private deployment) |
| Passwords | bcrypt (cost factor 12+) |
Master Key
| Item | Configuration |
|---|---|
| Source | Provided at startup via SECRET_KEY env var |
| Length | 64-char hex (32 bytes) |
| Storage | Never commit it to a repository (in code or a .env file); inject it from a Kubernetes Secret, Vault or a KMS |
| Rotation | Currently requires downtime (stored ciphertexts are re-encrypted under the new key); online rotation is on the roadmap |
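The field-level scheme in the two tables above, as an added example that is not Evose's own code: it parses SECRET_KEY as 64 hex characters into a 32-byte key, encrypts a credential column with AES-256-GCM (GCM is an assumption; the page states only AES-256), binds the column name as associated data so a ciphertext cannot be replayed into a different column, and re-encrypts one row under a new key, which is the per-row step of the offline rotation described above. The `v1:` token prefix, the column name and the sample secret are assumptions for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
	"strings"
)

// LoadMasterKey parses the SECRET_KEY value (64 hex chars) into 32 raw bytes,
// rejecting anything that would not yield an AES-256 key.
func LoadMasterKey(hexKey string) ([]byte, error) {
	hexKey = strings.TrimSpace(hexKey)
	if len(hexKey) != 64 {
		return nil, fmt.Errorf("SECRET_KEY must be 64 hex chars (32 bytes), got %d chars", len(hexKey))
	}
	key, err := hex.DecodeString(hexKey)
	if err != nil {
		return nil, fmt.Errorf("SECRET_KEY is not valid hex: %w", err)
	}
	return key, nil
}

// tokenVersion is an assumed format prefix so a future scheme can coexist with old rows.
const tokenVersion = "v1"

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptField encrypts one sensitive column value with AES-256-GCM under a
// fresh random nonce. The column name is bound as associated data, so a
// ciphertext copied from one column cannot be decrypted as another.
func EncryptField(key, plaintext []byte, fieldName string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := gcm.Seal(nil, nonce, plaintext, []byte(fieldName))
	return tokenVersion + ":" + base64.StdEncoding.EncodeToString(append(nonce, ct...)), nil
}

// DecryptField reverses EncryptField; any tampering, wrong key or wrong
// column name fails the GCM tag check and returns an error.
func DecryptField(key []byte, token, fieldName string) ([]byte, error) {
	parts := strings.SplitN(token, ":", 2)
	if len(parts) != 2 || parts[0] != tokenVersion {
		return nil, errors.New("unrecognised ciphertext version")
	}
	raw, err := base64.StdEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(raw) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := raw[:gcm.NonceSize()], raw[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(fieldName))
}

// RotateField re-encrypts a stored token under a new master key. Because the
// token carries no key identifier, every row must be rewritten this way while
// writes are paused, which is why rotation currently needs downtime.
func RotateField(oldKey, newKey []byte, token, fieldName string) (string, error) {
	pt, err := DecryptField(oldKey, token, fieldName)
	if err != nil {
		return "", err
	}
	return EncryptField(newKey, pt, fieldName)
}

func main() {
	hexKey := os.Getenv("SECRET_KEY")
	if hexKey == "" {
		// Constructed demo key for a stand-alone run only; never ship a fixed key.
		hexKey = "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
	}
	key, err := LoadMasterKey(hexKey)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	tok, _ := EncryptField(key, []byte("sk-live-example"), "integrations.api_key")
	fmt.Println("stored:", tok)
	pt, _ := DecryptField(key, tok, "integrations.api_key")
	fmt.Println("decrypted:", string(pt))
}
```

Random 96-bit GCM nonces are safe only while the number of values encrypted under one key stays well below 2^32, so a deployment that encrypts many rows under a single master key should either derive per-purpose subkeys or plan rotation before that bound.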
Sensitivity of Knowledge Base Data
Knowledge bases may hold sensitive business data (contracts, financials, medical records). Recommended deployment by sensitivity:
| Sensitivity | Deployment |
|---|---|
| Highly sensitive | Private deployment, air-gapped, self-hosted models only |
| Moderate | Private deployment with a SaaS LLM (data leaves the network on each model call) |
| Low | SaaS |
Data Egress
In a Private deployment all calls stay on the internal network by default. Data leaves the network only in the following cases:
| Scenario | Egress? |
|---|---|
| Using SaaS LLM (OpenAI / Claude) | ✓ Yes |
| Using self-hosted LLM | ✗ No |
| Web search system tool | ✓ Yes |
| Using a third-party SaaS tool | ✓ Yes (what is sent depends on the tool) |
Data Lifecycle
| Stage | Control |
|---|---|
| Collection | Only essential business fields |
| Storage | Encrypted + isolated |
| Use | Least privilege + audit |
| Deletion | Soft delete + hard delete + backup expiry |
| Export | Secondary confirmation + audit for sensitive data |
GDPR Data Subject Rights
| Right | Provided by Evose |
|---|---|
| Access | Users can view their own data |
| Rectification | Users can edit personal info |
| Erasure | Deletion requests trigger full removal |
| Portability | Export JSON / CSV |
| Restrict processing | Suspend account |
Next Steps
- 6-layer defense → Defense in depth
- Compliance → Compliance