Security overview
Your data doesn't leave without your say
AEGIS OS is built with a multi-layer defence model — tenant isolation at the schema level, encrypted credentials, no cross-tenant data paths, and full audit logs of every agent action.
How your data moves
From browser to LLM and back — every hop is authenticated, encrypted, and scoped to your tenant.
🌐 Browser: HTTPS only, HSTS enforced
🌀 Nginx + TLS: TLS 1.3, Let's Encrypt
🌶️ Flask + Auth: login_required, tenant scope
🧠 Agent Gateway: prompt scoped per tenant
🔀 LLM Router: Groq / Gemini, encrypted transit
🐘 PostgreSQL: schema isolation, tenant_{id}
Tenant isolation
🗃️ Schema-level separation (Structural)
Every tenant gets their own PostgreSQL schema (tenant_{id}). Documents, agent conversations, and KB chunks are physically separated — not just filtered by a WHERE clause.
🔑 Session-scoped API calls (Enforced)
Every authenticated API route checks current_user.tenant_id and restricts all database operations to that tenant. No cross-tenant paths exist in the codebase.
📝 Agent prompts are tenant-scoped (By design)
Agent system prompts include only the requesting tenant's custom instructions, KB context, and agent profile. No other tenant's data is ever in the prompt window.
🧪 Audit log per tenant (Active)
Every agent tool call, file upload, and OAuth token exchange is written to an audit log scoped to the tenant. You can review what any agent did and when.
Authentication & access control
Passwords are hashed with bcrypt (work factor 12). Plaintext passwords are never stored or logged. Brute-force attempts are rate-limited at the application layer.
🌐 Google Sign-In (OAuth 2.0 + PKCE)
Google authentication uses the Authorization Code flow with PKCE. No client secret is exposed to the browser. Google verifies email ownership before we provision the account.
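The PKCE part of the Authorization Code flow described above, written out as an added example (not AEGIS OS code) with both halves of the exchange: the client derives a code_challenge from a secret code_verifier, and the authorization server recomputes it at the token endpoint. Function names such as make_pkce_pair and simulate_flow are this example's own; the self-check vector is the one published in RFC 7636 Appendix B.

```python
"""Added example, not AEGIS OS code: PKCE (RFC 7636) on both sides of the flow."""
import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def code_challenge(verifier: str) -> str:
    """S256 transform: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def make_pkce_pair() -> tuple[str, str]:
    """Client side: a high-entropy code_verifier and its code_challenge.
    32 random bytes give a 43-character verifier, inside RFC 7636's 43..128 range.
    Only the challenge is sent with the authorization request; the verifier stays
    in the client until the token request."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, code_challenge(verifier)


def server_verify(stored_challenge: str, presented_verifier: str) -> bool:
    """Authorization-server side, at the token endpoint: recompute the challenge
    from the verifier presented with the authorization code and compare in
    constant time. An intercepted code is useless without the verifier, which is
    why no client secret has to exist in the browser."""
    if not 43 <= len(presented_verifier) <= 128:
        return False
    return hmac.compare_digest(code_challenge(presented_verifier), stored_challenge)


def simulate_flow() -> bool:
    """Walk the exchange end to end with in-memory server state (assumed shape):
    the server binds the challenge to the code it issues, then the client redeems
    the single-use code together with the verifier."""
    verifier, challenge = make_pkce_pair()
    issued = {}                                   # server state: code -> challenge
    code = b64url(secrets.token_bytes(16))        # authorization code sent via redirect
    issued[code] = challenge
    return server_verify(issued.pop(code), verifier)  # pop: the code cannot be replayed


# RFC 7636 Appendix B test vector, used as a self-check of the transform.
RFC_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
RFC_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"

if __name__ == "__main__":
    assert code_challenge(RFC_VERIFIER) == RFC_CHALLENGE
    print("PKCE exchange ok:", simulate_flow())
```

The constant-time comparison and the length check are the two details most often skipped in hand-rolled verifiers; the single-use pop on the server side is what stops a leaked code from being redeemed twice.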
✉️ Email verification (Required)
Email/password registrations require email verification before accessing the dashboard. Google sign-in users are marked verified immediately (Google already verified the email).
🔐 Secure sessions (HttpOnly + SameSite)
Session cookies are HttpOnly (no JavaScript access), Secure (sent over HTTPS only), and SameSite=Lax (CSRF protection). The session secret is a randomly generated 256-bit key per deployment.
Credentials & third-party tokens
🔑 OAuth tokens (DB stored, scoped)
Google Workspace and HubSpot OAuth tokens are stored in the oauth_tokens table scoped to tenant_id + user_id. Refresh tokens are rotated automatically on use.
🌍 API keys in environment (Never in code)
LLM provider keys (Groq, Gemini, Anthropic), integration keys, and DB credentials are loaded exclusively from environment variables. They are never hardcoded or logged.
📦 File upload handling (Sanitised + temp-only)
Uploaded KB files are written to a temp directory, processed into chunks, then deleted immediately. Only extracted text is stored in the database — original files do not persist on disk.
🚫 Filename sanitisation (werkzeug.secure_filename)
All uploaded filenames are sanitised with Werkzeug's secure_filename() before use. Path traversal and directory injection are structurally prevented.
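The temp-only upload path and the filename sanitisation of the two cards above, as one added example (not AEGIS OS code). sanitise_filename is a simplified re-implementation modelled on the behaviour of Werkzeug's secure_filename(), not Werkzeug's code, and it additionally strips backslashes on every platform; the plain-text "extraction" and the chunk size are stand-ins for whatever the real pipeline does with PDFs and embeddings.

```python
"""Added example, not AEGIS OS code: sanitise the name, process in a private
temp dir, keep only the extracted chunks, confirm nothing persists on disk."""
import os
import re
import tempfile
import unicodedata

_UNSAFE = re.compile(r"[^A-Za-z0-9_.-]")   # conservative allowlist of characters


def sanitise_filename(name: str) -> str:
    """Modelled on werkzeug.secure_filename (simplified, not Werkzeug's code):
    ASCII-fold, turn path separators into word breaks, join with underscores,
    drop everything outside the allowlist, then strip leading dots so neither
    hidden files nor '..' components survive. '../../etc/passwd' -> 'etc_passwd'."""
    name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    for sep in ("/", "\\"):                 # both separators, regardless of host OS
        name = name.replace(sep, " ")
    name = "_".join(name.split())
    name = _UNSAFE.sub("", name).strip("._")
    return name or "upload"


def ingest_upload(filename: str, data: bytes, chunk_chars: int = 200) -> dict:
    """Write the upload into a fresh TemporaryDirectory, extract text, chunk it,
    and let the directory (file included) be deleted when the block exits.
    Only the chunks come back for storage; the result also records whether the
    temp path still exists, which the caller can assert on."""
    safe = sanitise_filename(filename)
    with tempfile.TemporaryDirectory(prefix="kb-upload-") as tmp:
        real_tmp = os.path.realpath(tmp)
        path = os.path.realpath(os.path.join(real_tmp, safe))
        # Defence in depth: even after sanitisation, prove the path is inside tmp.
        if os.path.commonpath([real_tmp, path]) != real_tmp:
            raise ValueError("upload path escaped the temp directory")
        with open(path, "wb") as fh:
            fh.write(data)
        # Stand-in for real text extraction (PDF, DOCX, ...): decode as UTF-8.
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        chunks = [text[i:i + chunk_chars] for i in range(0, len(text), chunk_chars)]
    return {"filename": safe, "chunks": chunks, "temp_file_persisted": os.path.exists(path)}


if __name__ == "__main__":
    # Constructed sample input.
    result = ingest_upload("../../etc/passwd", b"word " * 100)
    print(result["filename"], len(result["chunks"]), result["temp_file_persisted"])
```

The commonpath check is redundant if the sanitiser is correct, which is exactly why it is there: the sanitiser is the part most likely to be swapped or loosened later, and the containment check fails closed if that happens.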
Transport security & HTTP headers
🔒 TLS 1.3 only (Let's Encrypt)
All traffic is encrypted in transit. In production, Nginx accepts TLS 1.2+ only, with TLS 1.3 preferred. Certificates are issued by Let's Encrypt and auto-renewed via Certbot.
🛡️ Security headers (Applied globally)
Every response includes: X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, Referrer-Policy, and Strict-Transport-Security.
🚧 CSRF protection (SameSite cookies)
Session cookies use SameSite=Lax, so the browser withholds them from cross-site form submissions (cross-site POSTs). Sensitive state-changing endpoints additionally validate the authenticated session.
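The cookie attributes from "Secure sessions", the global headers from "Security headers" and the SameSite-based CSRF control above, applied in one place as an added example (not AEGIS OS code). It is a framework-neutral WSGI middleware so it runs with nothing but the standard library; in a Flask app the equivalent settings are SESSION_COOKIE_HTTPONLY, SESSION_COOKIE_SECURE and SESSION_COOKIE_SAMESITE plus an after_request hook. The HSTS max-age, the Referrer-Policy value and the two demo apps are assumptions; the page names the headers but not those values.

```python
"""Added example, not AEGIS OS code: hardened Set-Cookie values and global
security headers enforced at the WSGI layer, so no view can forget them."""

SECURITY_HEADERS = {
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
    "Referrer-Policy": "strict-origin-when-cross-origin",              # assumed value
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",  # assumed max-age
}


def session_cookie(name: str, value: str, max_age: int = 3600) -> str:
    """Set-Cookie value with the three attributes listed on the page. HttpOnly keeps
    the session out of document.cookie, Secure keeps it off plaintext HTTP, and
    SameSite=Lax keeps it off cross-site POSTs, the classic CSRF vector for forms."""
    return f"{name}={value}; Max-Age={max_age}; Path=/; HttpOnly; Secure; SameSite=Lax"


def cookie_is_hardened(set_cookie: str) -> bool:
    """Parse a Set-Cookie value and require HttpOnly, Secure and SameSite=Lax|Strict."""
    parts = [p.strip() for p in set_cookie.split(";")[1:]]
    attrs = {k.lower(): v for k, _, v in (p.partition("=") for p in parts)}
    return ("httponly" in attrs and "secure" in attrs
            and attrs.get("samesite", "").lower() in ("lax", "strict"))


def harden(app):
    """WSGI middleware: add the security headers to every response and refuse to
    emit any Set-Cookie that lacks the required attributes, so a misconfigured
    view fails loudly instead of shipping a weak cookie."""
    def wrapped(environ, start_response):
        def hardened_start(status, headers, exc_info=None):
            for name, value in headers:
                if name.lower() == "set-cookie" and not cookie_is_hardened(value):
                    raise ValueError(f"insecure cookie attributes: {value}")
            present = {n.lower() for n, _ in headers}
            extra = [(n, v) for n, v in SECURITY_HEADERS.items() if n.lower() not in present]
            return start_response(status, list(headers) + extra, exc_info)
        return app(environ, hardened_start)
    return wrapped


def run(app, environ=None):
    """Minimal WSGI caller for tests and demos: returns (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, headers

    environ = environ or {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    body = b"".join(app(environ, start_response))
    return captured["status"], dict(captured["headers"]), body


def demo_app(environ, start_response):
    """Assumed inner app: a successful login that sets the session cookie."""
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Set-Cookie", session_cookie("session", "opaque-token"))])
    return [b"ok"]


def weak_app(environ, start_response):
    """Assumed misconfigured view: cookie without HttpOnly/Secure/SameSite."""
    start_response("200 OK", [("Set-Cookie", "session=opaque-token; Path=/")])
    return [b"ok"]


if __name__ == "__main__":
    status, headers, body = run(harden(demo_app))
    print(status, headers["Strict-Transport-Security"], headers["Set-Cookie"])
```

Adding headers only when the inner app has not already set them lets a view tighten a policy (say, X-Frame-Options: DENY on a login page) without the middleware silently overriding it.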
🔍 SQL injection prevention (Parameterised queries)
All database queries use parameterised statements via psycopg2. No string-interpolated SQL exists in the codebase. Schema names are validated against a strict allowlist.
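The tenant check from "Session-scoped API calls" and the two SQL controls above (bound parameters, schema names validated against an allowlist) in one added example that is not AEGIS OS code. The builder returns (sql, params) in psycopg2's %s placeholder style without importing psycopg2, so it runs offline; in a real psycopg2 codebase the quoted schema would be produced by psycopg2.sql.Identifier rather than the quote_ident helper here. Session, KNOWN_TENANTS and the documents table layout are assumptions.

```python
"""Added example, not AEGIS OS code: a tenant-scoped query builder. Values are
bound parameters; the schema identifier comes from the session, is validated
against an allowlist, and is quoted, never taken from the request."""
import re
from dataclasses import dataclass

# Assumed: the tenants provisioned in this deployment. Real code would load
# this from a tenants table; the point is membership, not just a pattern.
KNOWN_TENANTS = {101, 102, 250}
_SCHEMA_RE = re.compile(r"^tenant_[0-9]{1,9}$")


@dataclass(frozen=True)
class Session:
    """Assumed stand-in for the authenticated current_user."""
    user_id: int
    tenant_id: int


class TenantScopeError(PermissionError):
    pass


def tenant_schema(session: Session) -> str:
    """Derive the schema name from the session alone, then validate it twice:
    membership (a forged or stale id cannot select another tenant's schema)
    and shape (nothing but the expected pattern ever reaches the identifier)."""
    if session.tenant_id not in KNOWN_TENANTS:
        raise TenantScopeError(f"tenant {session.tenant_id} is not provisioned")
    schema = f"tenant_{session.tenant_id}"
    if not _SCHEMA_RE.fullmatch(schema):
        raise TenantScopeError("schema name failed allowlist pattern")
    return schema


def quote_ident(name: str) -> str:
    """PostgreSQL identifier quoting: double quotes, embedded quotes doubled.
    (psycopg2.sql.Identifier does this for you in a real psycopg2 code base.)"""
    return '"' + name.replace('"', '""') + '"'


def document_query(session: Session, doc_id, requested_tenant=None):
    """Return (sql, params) for loading one document. doc_id is a value, so it
    travels as a bound parameter and the driver never splices it into the text.
    The schema is an identifier, which drivers cannot bind, so it is the one
    thing interpolated, and only after tenant_schema() has allowlisted it.
    A tenant id sent by the client is compared against the session, never trusted."""
    if requested_tenant is not None and requested_tenant != session.tenant_id:
        raise TenantScopeError("request tenant does not match session tenant")
    schema = quote_ident(tenant_schema(session))
    sql = f"SELECT id, title, body FROM {schema}.documents WHERE id = %s"
    return sql, (doc_id,)


if __name__ == "__main__":
    sql, params = document_query(Session(user_id=7, tenant_id=101), 42)
    print(sql, params)   # pass both to cursor.execute(sql, params)
```

The audit trail the page describes would naturally hang off the same Session object: every call into document_query already knows which tenant and user it acted for.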
Data retention & what we store
We store:
- Agent chat history (per tenant schema)
- Knowledge Base documents (chunked text + embeddings)
- Workflow run history and results
- Boardroom decision records
- Schedules and task definitions
- OAuth tokens for connected integrations
- Audit log of agent actions
We never store:
- Plaintext passwords (bcrypt hashes only)
- Uploaded files after processing
- LLM API keys in the database
- Cross-tenant data in any shared table
- Browser fingerprints or tracking pixels
- Third-party analytics cookies
🛡️ Responsible disclosure
We take security reports seriously. If you discover a vulnerability in AEGIS OS — whether it's a data exposure, authentication bypass, injection flaw, or anything else — please report it privately before public disclosure. We commit to acknowledging reports within 48 hours and resolving confirmed issues within 14 days.
Please do not use automated scanners against production accounts belonging to other users, attempt to access other tenants' data, or perform denial-of-service testing without prior written agreement.
🔒 [email protected]
Security-first from day one
Start your free trial and keep full control over your data, agents, and integrations.