security

Security by architecture, not by policy.

Your data never leaves your infrastructure. Here's how.

architecture

Built different from the ground up

Isolated instances

Every customer gets their own machine. Not a container on shared infra. A real, isolated server.

Zero data transit

Your data stays on your instance. Chain configs, agent outputs, run logs — all local.

Direct API calls

LLM API keys go straight from your instance to the provider. No proxy, no middleman.

Full data sovereignty

You choose the region. You own the data. Export anytime. Delete and walk away clean.

Encryption & secrets

Your keys and credentials are the most sensitive data in the system. We treat them that way.

AES-256-GCM encryption for secrets at rest
Secrets vault with per-org access control
API keys never stored in plain text
Environment variables injected at runtime, not persisted in chain configs

Access control

Fine-grained permissions. Right people, right things.

Role-based access (Owner, Admin, Member, Guest)
Organization-scoped data isolation
Token-based member invites with expiry
Path-level isolation between organizations

compliance

Designed for compliance

GDPR

Data stays in your chosen region, full export and deletion on request.

SOC 2

Audit trail on your machine, no third-party data access.

HIPAA

Isolated infrastructure, encrypted at rest. BAA available on Enterprise.

Specific certifications are on our roadmap. Have requirements? security@mentiko.com

transparency

What we don't do

Not marketing promises. Architectural constraints.

We don't store your API keys on our servers
We don't proxy your LLM API calls
We don't have access to your chain outputs
We don't retain your data after account deletion
We don't sell or share any customer data

Questions about security?

We'll answer anything about how your data is handled.

security@mentiko.com
