Security & compliance
The security posture is the product.
You pay us in part to hold a SOC 2 Type II report so you don't have to. The full posture lives in doc 05 — this page is the one-pager that gets it into your procurement workflow.
Our commitments
Contractual, not aspirational. Each ties to a section of doc 05.
Zero customer data in model training
Session data is used only to generate the spec for your account, then discarded per the retention policy. We do not use customer sessions, selectors, or spec outputs to train any model — first-party or third-party.
doc 05 §4
Encryption at rest and in transit
AES-256 at rest with per-tenant KMS CMKs (Enterprise). TLS 1.3 in transit. Connector tokens stored in AWS Secrets Manager with 90-day rotation.
doc 05 §2
Tenant isolation at the storage and inference layers
Aurora row-level security with per-request `app.current_tenant_id` GUC. S3 per-tenant prefix with separate KMS keys. SQS FIFO queue per tenant for the runner. LLM prompts include tenant-scoped context only.
doc 05 §1, doc 03 §3
Customer-cloud runner for Enterprise
Self-hosted Docker runner in your VPC, using your own Anthropic or Bedrock API keys. Session data never leaves your network. The SaaS control plane handles metering and billing only.
doc 05 §6
Prompt-injection defense
Session DOM content is treated as untrusted. AST validation rejects generated specs that call non-primitive APIs. Prompt context is structurally separated from session content.
doc 04 §6, doc 05 §1
Append-only audit log per tenant
Every action against your data is logged immutably and exportable. Available via dashboard and API. Retention configurable per tier.
doc 05 §3
STRIDE summary
The threat model we hold ourselves to. Full STRIDE matrix is in doc 05 §1.
| Actor | Attack path | Mitigation |
|---|---|---|
| Malicious tenant | Cross-tenant session read | RLS + tenant_id GUC, IDOR fuzz in CI |
| Malicious tenant | Spec tampering via API | Object-level authz middleware, integration tests |
| Malicious insider | Token exfiltration | Break-glass via 1Password + AWS SSO, audit-logged |
| Compromised connector token | Read customer sessions | 90-day rotation, anomaly detection, soft revoke |
| Supply-chain attacker | Backdoored dependency | SBOM, exact-pinned deps, signed releases via Sigstore |
| Prompt-injection in session | Coerce model to emit malicious spec | AST validation against primitive registry, isolated prompt context |
Reporting a vulnerability
Do not file a public GitHub issue for security vulnerabilities. Email ryan@speechlab.ai with reproduction steps and impact assessment. We acknowledge within 2 business days and ship fixes for critical issues within 30 days. See SECURITY.md for the full disclosure policy.