Security & data
Coming Phase 1.5The short version: your data stays yours, our model providers don't retain it, and we run regular third-party security reviews. The longer version is below.
Zero data retention with our providers
We don't let the model providers we work with keep your prompts or your outputs. Every provider we use is configured to drop your data immediately after serving the request. There is no faster-cache opt-in path that trades retention for speed — the trade isn't on the table.
Integrity checks on memory
When something is added to your memory, it gets signed. Before that item is read back into a session, the signature is checked. If the signature doesn't match, the item is rejected. This is one of several layers of protection against memory tampering — including a review queue for anything inferred from external sources.
Third-party security reviews
We commission third-party security reviews on a regular cadence. The most recent review covered the platform's authentication surfaces, data-handling pipelines, and the memory architecture. Findings are tracked publicly in our security log; the high-severity findings from prior reviews are all closed.
Data residency
Your data stays in the regions you've contracted for. We don't move it across regions for our convenience. If you have specific residency requirements (EU, US, region-pinned), they're honored at the data layer, the cache layer, and the provider layer simultaneously.
Reporting a security issue
If you've found something that looks like a security issue, please tell us. The fastest path is to email security at neumannic dot com. We acknowledge every report within one business day and follow up with a disposition within seven.