Trust · Ve

How we protect what is yours.

A model of you is the most personal data we will ever hold. The posture below describes, without flourish, how we keep it that way — encrypted, isolated, audited, and owned by you alone.

Four principles

01 · Encryption

Your keys, your data.

AWS KMS customer-managed keys (BYOK) for every database and object store. MongoDB Atlas BYOK enabled in us-east-1. TLS 1.2+ for every byte in flight; SSL pinning on the mobile and desktop apps.

02 · Isolation

One tenant, one boundary.

Strict tenant_id filtering on every query. FalkorDB knowledge graphs are isolated graph-per-tenant. S3 layouts are prefix-per-tenant. There is no shared model, no shared training run, no aggregate insight sold to anyone.

03 · Compliance

SOC 2 Type II — actively underway.

Type II audit in flight with signing imminent. MongoDB audit logging enabled with a 17-event filter for SOC 2 CC6 (logical access) and CC7 (system operations). DPA, BAA, and questionnaire support available on request.

04 · Operations

Watched continuously.

CloudWatch across infrastructure, Sentry across the frontend, Atlas alerts on the data tier. Two snapshots a day plus point-in-time restore (1-day window). Auto-export to S3 with a Glacier lifecycle for long-tail retention.

Zero-knowledge boundary

The token never leaves the gate.

Every request is gated by an access token stamped and verified by the auth gateway. Refresh tokens are HttpOnly cookies, scoped to Domain=.ve.ai, and never reach application code.

Service-to-service traffic carries a tenant claim that downstream services validate before any read or write. A query without a tenant scope is rejected at the database driver layer, not at the route handler.
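An added example, not Ve's code, of what rejection at the driver layer rather than the route handler looks like: a collection wrapper that refuses to be constructed without a tenant claim and ANDs that claim into every read and write, so a caller-supplied filter cannot widen the scope. The in-memory store, the `_matches` evaluator and the sample documents are constructed stand-ins for a MongoDB collection.

```python
# Added example of driver-layer tenant scoping (not Ve's code). Assumes the
# tenant claim was verified upstream and arrives as a string; the backing
# store is an in-memory stand-in for a MongoDB collection.
from __future__ import annotations
from typing import Any, Iterable

class MissingTenantScope(Exception):
    """Raised when a query reaches the data layer without a tenant claim."""

def _matches(doc: dict[str, Any], query: dict[str, Any]) -> bool:
    """Minimal filter evaluator (equality and $and only), standing in for the driver."""
    for key, value in query.items():
        if key == "$and":
            if not all(_matches(doc, sub) for sub in value):
                return False
        elif doc.get(key) != value:
            return False
    return True

class TenantScopedCollection:
    """Reads and writes are ANDed with the tenant claim at the driver layer.
    A caller filter cannot widen the scope: the tenant predicate is combined with
    $and rather than merged by key, so {"tenant_id": "other"} from a caller matches nothing."""

    def __init__(self, docs: Iterable[dict[str, Any]], tenant_id: str | None):
        if not tenant_id:
            # Rejected before any query is built, not in the route handler.
            raise MissingTenantScope("query rejected: request carries no tenant claim")
        self._docs = list(docs)
        self._tenant_id = tenant_id

    def _scoped(self, query: dict[str, Any]) -> dict[str, Any]:
        return {"$and": [{"tenant_id": self._tenant_id}, query]}

    def find(self, query: dict[str, Any] | None = None) -> list[dict[str, Any]]:
        return [d for d in self._docs if _matches(d, self._scoped(query or {}))]

    def insert_one(self, doc: dict[str, Any]) -> dict[str, Any]:
        # Writes are stamped with the verified claim; any caller-supplied tenant_id is overridden.
        stamped = {**doc, "tenant_id": self._tenant_id}
        self._docs.append(stamped)
        return stamped

# Constructed sample documents belonging to two different tenants.
SAMPLE_DOCS = [
    {"_id": 1, "tenant_id": "acme", "title": "roadmap"},
    {"_id": 2, "tenant_id": "globex", "title": "roadmap"},
]
```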

Data tier

MongoDB Atlas, hardened.

Production lives in a single Atlas project with BYOK active, audit logging enabled, IP allowlisting on, and Private Link in front of every Lambda. Database users are scoped per-service, not shared.

Backups: continuous snapshots with point-in-time restore (1-day window). Daily snapshot exports to S3 (ve-mongodb-backups) with a Glacier lifecycle downstream for cold retention.

Object storage

S3, prefix-per-tenant.

Every uploaded artifact lives under a tenant-scoped prefix. Bucket policies block cross-tenant reads at the IAM layer; signed URLs are short-lived and re-issued per request.

Versioning is enabled on user-content buckets so an accidental overwrite is recoverable. Sensitive buckets use AWS KMS BYOK with the same key material as the database tier.

Region & residency

us-east-1 today. One region, one truth.

All production data and compute runs in AWS us-east-1. There is one source of truth for every tenant; no cross-region replication, no hidden regional caches.

ap-south-1 is provisioned and inactive. When a customer commitment requires it, residency moves there as a deliberate per-tenant migration — never as a silent default.

Security questions

Vendor questionnaires, DPA, BAA, penetration test summaries, sub-processor list — email security@ve.ai and a human will reply within two working days. Vulnerability reports route to the same address with subject prefix [disclosure].