Security at Tegendo.AI
Built by a security leader. Every layer designed to protect your data.
Security by design
Tegendo.AI is built from the ground up with enterprise security requirements. We don’t bolt security on after the fact — it’s foundational to every architectural decision. From encryption at every layer to strict tenant isolation, we treat your data as if it were our own.
AES-256Encryption at rest
TLS 1.3Encryption in transit
RLSRow-level security
SOC 2Compliance in progress
Encryption
Data at rest: AES-256-GCM
Data in transit: TLS 1.3
BYOK keys: Envelope encryption with per-org derived keys
Key management: Master key in environment, per-org keys derived via SHA-256
Tenant Isolation
Database: Row-Level Security on every table
Query scope: Organization-scoped queries enforced at the database layer
Data boundaries: No shared data between organizations
Storage: Separate storage buckets per organization
Compliance Roadmap
Q2 2026SOC 2 Type IIn progress
Q4 2026SOC 2 Type II
2027ISO 27001
OngoingGDPR ComplianceActive
Data Handling
Storage: Conversations stored in Supabase (PostgreSQL) with RLS
Retention: Configurable retention policies (admin-controlled)
Export: Full data export capability
Deletion: Right to deletion (GDPR Article 17)
AI providers: Providers receive conversation content for processing but do NOT train on API data
BYOK Security Model
Key storage: Keys encrypted with AES-256-GCM before storage
Key derivation: Per-org encryption key derived from master key + org ID
Key exposure: Keys never logged, never exposed in responses
Key usage: Keys used per-request, never cached in plaintext
Responsible Disclosure
Found a security issue? We take all reports seriously.
Contact: security@tegendo.ai
Response time: 48 hours for initial acknowledgment