Your data, your rules.
SOC 2 Type II underway. GDPR compliant. Your data never trains our models. Built for teams that take security seriously. Read our Terms of Service and Privacy Policy for full details.
Certified and compliant
SOC 2 Type II
Certification underway with continuous monitoring via Vanta. View our trust center. Full report available under NDA upon completion.
GDPR Compliant
EU data processing agreements available. Right to deletion honored within 60 days. Standard and custom DPAs available.
CCPA Compliant
California privacy rights fully supported. Transparent data collection and processing. Opt-out mechanisms in place.
How we protect your data
Your data stays isolated
Each workspace is fully isolated. No cross-contamination between customers. Your data never leaves your environment.

Nothing trains our models
Your data is never used for model training. It serves only your agents, only your team. Clear separation, guaranteed.

Data handling
PII redaction
Enable PII redaction to strip personal identifiers (credit cards, emails, phone numbers, SSNs, API keys, names, and more) from content before it is processed or sent to AI providers. Redaction happens at ingestion, so original data never reaches our database or search index.
Encryption everywhere
AES-256 at rest, TLS 1.2+ in transit. All data encrypted end-to-end between your tools and our platform, including backups.
Secrets management
API tokens, credentials, and certificates are managed centrally via 1Password and AWS Secrets Manager. The AI never receives direct API tokens or system access. It only works with a programmatically maintained copy of explicitly shared data.
Access and identity
SSO with mandatory MFA
All employees authenticate via Google Workspace SSO with mandatory multi-factor authentication. Customer-side SSO and 2FA available on custom plans.
Least-privilege access
Engineers default to read-only AWS IAM roles with explicit denials on secrets, RDS, and Lambda config. Write access to production requires elevated, audited roles.
Network controls
Production databases are not public-facing. Access requires an OpenVPN connection. CI/CD authenticates via GitHub Actions OIDC federation with no long-lived credentials stored.
Operations
Vulnerability management
Annual third-party penetration tests by accredited testers. Continuous SAST and DAST scanning in CI. Patch SLAs: Critical and High within 30 days, Medium 60 days, Low 90 days. Findings rated High and above are re-tested to confirm remediation.
Backup and resilience
Daily automated encrypted backups on AWS RDS. Multi-AZ deployment with AWS load balancing and redundancy. Disaster recovery and business continuity plans maintained. RTO/RPO targets and recovery test cadence documented internally and available to enterprise customers under NDA.
Incident response
Formalized process: containment, investigation, root-cause analysis, and remediation. Customers notified within 72 hours of any incident affecting their data. Full details documented in our Cloud Service Agreement.
Secure development
OWASP and NIST aligned
Our Secure Software Development Lifecycle follows OWASP and NIST frameworks. All employees complete mandatory security training at induction and annually.
Peer review and automated scans
Every change undergoes manual peer code review plus automated SAST and DAST scans before deployment to production.
Soak in staging
Changes are validated in a staging environment and pass automated tests before being promoted to production via our change-control process.
Enterprise security
Cloud Service Agreement
Enterprise customers can sign a formal CSA with security exhibits and insurance certificates. Contact hi@eesel.app to get started.
Data Processing Agreement
Common Paper DPA v1.0 with sub-processor management and advance notice of changes. See our terms page for details.
Sub-processors
Core sub-processors include AWS, Pinecone, OpenAI, Anthropic, and Google. Full and up-to-date list with purposes and locations on our privacy page.
Security contact
Patrick is our designated security contact for incident response, questionnaires, and infosec inquiries. Reach him at pat@eesel.app.
Security FAQ
SOC 2 Type II certification is currently underway. We use Vanta for continuous compliance monitoring. The full report will be available under NDA once the audit is complete.
No. Never. Your data is used exclusively to serve your AI agents. It is never included in any training data, period.
US East (N. Virginia) on AWS. EU hosting available on request. All data encrypted at rest (AES-256) and in transit (TLS 1.2+).
Yes. Request deletion anytime. Data is fully purged within 60 days per GDPR requirements. We provide confirmation of deletion.
Yes, we're able to offer a DPA upon request for enterprise plans.
AES-256 at rest, TLS 1.2+ in transit. All data encrypted end-to-end between your tools and our platform.
Yes. Enterprise plans support custom models. Bring your own fine-tuned model or use ours. Full control over model selection.
Yes. Customers can enable PII redaction to strip personal identifiers (credit cards, emails, phone numbers, SSNs, API keys, names, and more) from content before it is processed or sent to AI providers. Redaction happens at ingestion, so the original data never reaches our database or search index.
Within 72 hours of becoming aware of any incident affecting your data. Our incident response process covers containment, investigation, root-cause analysis, and remediation, and is documented in our Cloud Service Agreement.
Ready to review our security posture?
Visit our trust center for real-time compliance status, or reach out to our security contact for a Cloud Service Agreement, DPA, or security questionnaire.

