Security & AI data handling
Building AI means handling your data, so you deserve straight answers about how we do it. Here's our approach — in plain English, no security theatre.
NDAs and confidentiality
We sign a mutual NDA before anything sensitive is shared. Your data, ideas, and code stay yours. Access is limited to the people working on your project.
Data minimisation
We only collect and process the data a feature actually needs. Where a workflow can run on less data, it does. We don’t hoard data “just in case”, and we delete what we no longer need.
Model-provider disclosure
We’re model-agnostic (OpenAI, Anthropic, and open-source models). We tell you which provider processes your data and where, and — where confidentiality matters — we can use providers and configurations that do not train on your data, or self-hosted open models.
Production guardrails
Agents ship with evals, input/output validation, and observability. Sensitive or high-risk actions are gated and, where appropriate, escalated to a human by design rather than left to the model.
Access and secrets
Credentials and API keys are stored in secret managers, never in code or logs. We follow least-privilege access and use your own cloud accounts wherever possible, so you keep control.
Your data, your control
You own your data and the software we build. On request we provide an export and securely delete data we hold. Handover is documented so your team can run everything without us.
Privacy & compliance posture
We design with the EU GDPR and applicable local data-protection law in mind, applying the stricter standard where they differ. For any project that handles personal data, we agree the lawful basis, retention, and data-handling details up front, in writing.
For how we handle data collected through this website, see our Privacy Policy. This page describes our approach to client project data and is not a substitute for a data-processing agreement, which we're happy to put in place.
Questions about security?
Ask us anything about how your data would be handled. We'd rather answer it now than have you wonder.
Talk to us