Skip to content

security

Security by architecture,
not by policy.

Your data never leaves your infrastructure. Here's how.

architecture

How security works

Isolated instances

Every customer gets their own machine. Not a container on shared infra. A real, isolated server.

Zero data transit

Your data stays on your instance. Chain configs, agent outputs, run logs — all local.

Your keys, direct

Bring your own API keys and calls go straight from your instance to the provider -- no proxy, no middleman. Or use included AI through Mentiko's gateway.

Full data sovereignty

You choose the region. You own the data. Export anytime. Delete and walk away clean.

Encryption & secrets

Your keys and credentials are the most sensitive data in the system. We treat them that way.

AES-256-GCM encryption for secrets at rest
Secrets vault with per-org access control
API keys never stored in plain text
Environment variables injected at runtime, not persisted in chain configs

Access control

Fine-grained permissions. Right people, right things.

Role-based access (Owner, Admin, Member, Guest)
Organization-scoped data isolation
Token-based member invites with expiry
Path-level isolation between organizations

compliance

Designed for compliance

GDPR

Data stays in your chosen region, full export and deletion on request.

SOC 2

Audit trail on your machine, no third-party data access.

HIPAA

Isolated infrastructure, encrypted at rest. BAA available on Enterprise.

Specific certifications are on our roadmap. Have requirements? security@mentiko.com

transparency

What we don't do

Not marketing promises. Architectural constraints.

X
We don't store your own provider API keys on our servers
X
Bring your own keys and your LLM calls never route through us
X
We don't have access to your chain outputs
X
We don't retain your data after account deletion
X
We don't sell or share any customer data

Questions about
security?

We'll answer anything about how your data is handled.

security@mentiko.com

30 seconds. No credit card.