[ Trust ]
Security is engineering.
How we protect customer data, operate infrastructure, and support enterprise deployments — with evidence, not slogans.
- Transit
- TLS 1.3
- Compliance
- SOC 2
- Pro uptime
- 99.9%
- Security
- Report
Encrypted by default
Type II in progress
Target availability
security@idonai.com
[ Controls ]
Four pillars we operate on
Select a pillar for detail. These are production practices — not a marketing checklist.
[ In transit & at rest ]
Encryption
TLS 1.3 for all public endpoints. Stored data and backups encrypted at rest with managed keys. Secrets never land in logs.
- TLS 1.3 everywhere
- Encryption at rest
- Key rotation
[ Documents ]
Policies you can read
[ Availability ]
Uptime & support targets
| Tier | Uptime target | Support | Response |
|---|---|---|---|
| Pro | 99.9% | Business hours email | 1 business day |
| Enterprise | 99.95% | Dedicated channel | Custom SLA |
Targets, not guarantees, unless contracted. Status lives at /status.
[ Data practices ]
What happens to your content
Training data
Customer API content is not used to train public models by default. Enterprise agreements can harden this further.
Retention
Logs and request metadata follow plan settings. Enterprise customers can request custom retention windows.
Subprocessors
A limited set of providers for hosting, auth, and email. Current list available on request for enterprise.
[ Report a concern ]
Responsible disclosure
- 01
Email security
Write security@idonai.com with steps to reproduce.
- 02
We triage
We acknowledge and classify severity.
- 03
We fix & notify
Patch, verify, and update affected parties when required.
[ Enterprise ]
Need a security review packet?
We can share architecture overviews, DPA drafts, and subprocessors under NDA for qualified deployments.