Data isolation
Cortex resources are scoped by product_instance_id. Canopy Host resources are scoped by authenticated user and team membership.
Security
This page states our current security posture honestly. Confirmed capabilities are listed. Planned capabilities are marked as planned. We do not make claims we cannot back.
Confirmed controls
Cortex resources are scoped by product_instance_id. Canopy Host resources are scoped by authenticated user and team membership.
All traffic is served over HTTPS. Canopy Host provisions TLS certificates for custom domains.
Cortex provider credentials use AES-GCM envelope encryption before storage. Keys are never returned in API responses.
External sync source credentials use the same AES-GCM envelope pattern and clear plaintext config after encryption.
Cortex keys can be scoped to read, chat, ingest, or full access. Expiry is enforced in the API layer.
Cortex records document ingestion, assistant conversations, API key usage, credential access, admin actions, and GDPR requests.
Cortex and Canopy Host implement account deletion and JSON export endpoints for GDPR Art. 17 and Art. 20 workflows.
Both products are hosted on Hetzner infrastructure in European data centres.
Data isolation
In Cortex, every resource is tagged with a product_instance_id at the database row level. A request authenticated with Project A credentials cannot read Project B documents, conversations, or API keys.
Projects, environments, builds, variables, and databases are scoped to the authenticated user and their team memberships. Variables and environment values are handled as secrets and are not exposed in build output.
At-rest encryption
Provider credentials and sync source connection credentials are encrypted before storage using AES-GCM envelope encryption. Full database-level encryption at rest is not currently confirmed as a configured feature and remains on the roadmap.
GDPR
Cortex and Canopy Host implement GDPR rights for erasure and portability. Deletion and export operations are exposed by product APIs and are recorded for auditability.
Model training
Your documents, conversations, and training datasets in Cortex are processed solely to power your own assistants within your project boundary.
Data sent to your configured provider, such as OpenAI or Anthropic, is subject to that provider's policies. You control which provider key is configured.
Roadmap
These capabilities are planned but not yet implemented. If any are blockers for your organisation, contact us and we will tell you where things stand.
SOC 2 Type II audit - in planning
ISO 27001 certification - in planning
Independent penetration testing - in planning
SSO / SAML for Enterprise customers - planned Q1 2027
Full database encryption at rest - on roadmap
Automated backup verification for Canopy Host - on roadmap
Security incident response runbook - in preparation
Formal responsible disclosure programme - in preparation
Responsible disclosure
If you discover a potential security vulnerability in Cortex or Canopy Host, please report it to us before public disclosure. We acknowledge reports within 5 business days.