Security & Privacy

Deployment model

• An end-to-end self-hosted architecture, including the application, its internal database, and the underlying language model.
• Deployed on customer-managed on-premises or private cloud infrastructure
• No multi-tenant environments
• Customer controls network boundaries, access policies, and runtime configuration
• No dependency on vendor-operated infrastructure for normal operation

Data ownership and access

• All customer data remains within the customer environment
• Sealed Intelligence cannot access, store, or transmit customer data outside customer-controlled systems
• No customer data is visible to or retrievable by the vendor
• Customers retain full ownership and control of all data processed and stored by the system

Data storage

Sealed Intelligence stores application data within a customer-managed database hosted inside the customer's infrastructure.

Stored data may include:

• User inputs and generated outputs
• Application configuration and metadata
• Encrypted credentials and secrets
• Operational logs and error traces

All stored data remains within the customer's security boundary. Database access controls, encryption, backups, retention, and deletion policies are fully managed by the customer in accordance with their internal security and compliance requirements.

Runtime connectivity

• No outbound internet connectivity required for normal operation
• No call-home behavior
• Local license validation without external communication
• Optional integrations such as web search are disabled by default and can be enabled only by administrators using customer-provided credentials
• Supports disconnected and air-gapped runtime environments

Initial installation and upgrades may require temporary network access to obtain software artifacts. Fully offline delivery and private registries are supported for restricted environments.

Telemetry and monitoring

• No usage tracking or behavioral analytics
• No telemetry, analytics, or logs transmitted outside the customer environment
• Any data shared for support or troubleshooting is explicitly initiated and controlled by the customer
• All logs and error traces remain under customer control

Security controls

Sealed Intelligence is designed to integrate with enterprise security and governance practices, including:

• Role-based access control
• Encryption in transit for database connections by default
• Encryption at rest via customer-controlled database and infrastructure mechanisms
• Separation of administrative and user roles
• Support for single sign-on using customer-issued JWT identity tokens

Compliance alignment

Sealed Intelligence is architected for use in regulated environments such as healthcare, financial services, legal, and government organizations.

The platform supports alignment with widely adopted security and privacy frameworks, including:

• SOC 2 Trust Services Criteria
• ISO 27001
• HIPAA
• GDPR and PIPEDA

Detailed security architecture documentation, data flow diagrams, control mappings, deployment guidance, and compliance support materials are available upon request under NDA.

Shared responsibility model

• Customers are responsible for infrastructure security, database management, access control, and operational policies
• Sealed Intelligence provides secure-by-design software and deployment guidance
• Clear responsibility boundaries support internal audits and regulatory reviews

Vulnerability handling

We maintain a responsible vulnerability disclosure and remediation process. Security issues can be reported directly to our team, and updates are delivered through controlled release mechanisms.

Learn more

Detailed security and risk assessment materials are available under NDA.