Security and Privacy
At Teckel AI, the security and privacy of your data are our top priorities. We have implemented a multi-layered security strategy to ensure that your information is always protected.
Data Isolation
Each organization's data is completely isolated in our multi-tenant architecture. We use a combination of Postgres Row Level Security (RLS) and application-level security controls to enforce strict data separation. This multi-layered approach means that even in the unlikely event of a bug, our system should prevent any cross-organizational data access. All data is tagged with your unique Organization ID, and all API calls and dashboard views are scoped to your organization.
API Security
Access to the Teckel API is secured by 256-bit API keys. These keys are long, random, and prefixed to identify the organization. We follow security best practices by never exposing the full key after its initial creation. We store only a hashed version of your key and a short prefix for display purposes.
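The key-handling scheme described above, sketched as an added example that is not Teckel's own code. The `tk_<org>_<hex>` key format, the use of SHA-256, the four-character display tail, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

DISPLAY_SECRET_CHARS = 4  # assumption: how much of the secret the display prefix reveals


def issue_api_key(org_slug: str) -> tuple:
    """Create a key. Returns (full_key, record); only the record is persisted."""
    secret = secrets.token_hex(32)  # 32 bytes = 256 bits from the OS CSPRNG
    prefix = f"tk_{org_slug}_"      # hypothetical format: prefix names the organization
    full_key = prefix + secret
    record = {
        "org": org_slug,
        # Short, non-sensitive label so a user can tell keys apart in a dashboard.
        "display_prefix": prefix + secret[:DISPLAY_SECRET_CHARS],
        # A fast hash is adequate here because the input is a 256-bit random
        # value, not a human-chosen password that could be guessed offline.
        "key_hash": hashlib.sha256(full_key.encode()).hexdigest(),
    }
    return full_key, record


def verify_api_key(presented: str, records: list) -> Optional[str]:
    """Return the owning organization if the presented key matches a stored hash."""
    digest = hashlib.sha256(presented.encode()).hexdigest()
    org = None
    for rec in records:
        # Constant-time comparison; the loop does not exit early on a match.
        if hmac.compare_digest(digest, rec["key_hash"]):
            org = rec["org"]
    return org


if __name__ == "__main__":
    key, rec = issue_api_key("acme")  # constructed sample organization
    print("shown once:", key)
    print("stored:    ", rec)
    print("verified:  ", verify_api_key(key, [rec]))
```

Because only the hash is stored, a leaked database row cannot be replayed as a credential, and a lost key has to be rotated rather than recovered.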
Network Security
All communication with Teckel's services is encrypted using TLS. Our API endpoints are protected with comprehensive security headers including HSTS, CSP, and X-Frame-Options. API endpoints that require browser-based access implement origin validation to ensure requests come from authorized sources. The Teckel SDK is designed for server-side integration to maximize security, though browser-based access is supported for specific use cases.
User Privacy
We treat all of your data, including queries and document snippets, as confidential customer data. We do not use your data for any purpose other than providing our services to you. We do not resell, aggregate, or mine your data to train our own models. You retain full ownership of your data at all times.
Compliance and Data Retention
By default, we retain your trace and audit data indefinitely for historical analysis. However, we can implement organization-specific retention policies upon request. If you choose to leave our service, we can export your data to you for your convenience and securely purge it from our systems. We will never sell your data or use it for training purposes.
Fail-Safe Design
The Teckel Tracer SDK is designed to be fail-safe. If our service is ever unavailable, your internal application will continue to operate without interruption. The SDK will fail silently, ensuring that an outage in our system never causes your application to hang or crash. Audits will be processed as soon as our service is back online.
Third-Party Components
We rely on trusted, enterprise-grade third-party services for our infrastructure, including OpenAI for our audit model and Supabase (hosted on AWS) for our database. We configure these services with high security settings.