Security we can prove, not just claim.
We're an early-stage company, and we'll say so plainly: we don't hold formal certifications yet. What we do have is a platform that is already live — and it's built so that its security guarantees hold because of how it's wired, not because we ask you to take our word for it.
npx @zindexzero/sdk proofPoint it at two keys and watch one tenant fail to read the other's data — the credential fence below, runnable. SDK docs →Guarantees enforced by the architecture
Isolation at the credential layer
Tenants are separated by AWS credentials, not by a query filter you have to trust us to write correctly. Each request runs under a temporary session scoped to exactly one tenant's resources — so a bug fails closed with “access denied,” never a leak.
Least privilege, everywhere
Every service gets the narrowest permissions it needs and nothing more. The browser never holds long-lived cloud keys — only short-lived, scoped credentials issued per session and expired automatically.
Encrypted in transit and at rest
Data is encrypted in storage and over TLS in flight. File access uses single-purpose links that expire within minutes, so a shared URL can't be replayed later.
Keys are treated like secrets
API keys are stored only as one-way hashes — we can't recover yours, and neither can anyone who reads our database. They're disabled by default, revocable instantly, and rate-limited per key.
Your data isn't training data
AI inference runs inside our own AWS account, in the US. Your inputs and outputs are never used to train models and never shared with the model providers — enforced by AWS's model-deployment architecture, not just a policy promise.
Private knowledge, kept private
Documents you upload live in an index only your own credentials can reach. Retrieval physically cannot cross into another tenant's data — the same credential fence, applied to your knowledge base.
Isolation, running in a real app
Our first application, PipFlow, puts the model to the test. It gives each lawyer a private knowledge base — and every lawyer's documents are siloed from every other lawyer's, even inside the same firm.
The app never holds a secret key. Each user is identified by a cryptographically verified sign-in token — checked on our side, never simply asserted by the app — which selects that user's knowledge base and nothing else. It's the same credential fence described above, proven under production traffic.
- Per-user knowledge bases, siloed within a firm
- Identity verified by signature, not trusted from the client
- No secret key ever ships inside the app
- A misrouted request is denied, not leaked
We'll show the audits as we earn them.
We don't hold SOC 2, ISO 27001, FedRAMP, or similar certifications today — and we won't display badges we haven't earned. We're engineering toward the frameworks regulated and defense customers depend on, and we'll publish each one when it's real.
See the frameworks we're working towardResponsible disclosure
Found a security issue? Tell us before you tell the world. We'll respond quickly and work with you in good faith.
Report an issueAsk us anything about how it works.
We'd rather explain the design than hand you a checklist. If you have questions about isolation, data handling, or where your data lives, get in touch.