Trust & Security

Security You Can Actually Count On

We handle your business data, your customers' conversations, and in some cases your payment flows. Here's exactly what we do to keep all of it safe.

AES-256 Encryption at Rest
TLS 1.3 in Transit
Complete Tenant Isolation
HMAC-Signed Widget Tokens
Hardcoded AI Safety Rules
PCI-Aware Card Redaction
Immutable Audit Logging

Data Protection
Encryption

All data stored on the Ochre Sail platform is encrypted at rest using AES-256 — the same standard used by financial institutions and government agencies. All data in transit is protected by TLS 1.3, preventing interception or tampering between your users and our servers.

AES-256 encryption for all data at rest, including conversation logs, business configurations, and customer records
TLS 1.3 enforced for all client-server communication — no unencrypted connections accepted
Database backups encrypted with the same key management practices as primary storage
Hosted on Vercel and Supabase — SOC 2 Type II compliant infrastructure

AI Safety Rules
Hardcoded & Non-Overridable

Our AI platform has safety guardrails built into the system layer — not the prompt layer. That means they cannot be overridden by business configuration, user input, or prompt injection attempts.

The AI will never provide medical, legal, or financial advice — regardless of how it is asked
Card data (credit card numbers, CVVs, expiry dates) is automatically detected and redacted before any data reaches an AI model
Platform safety rules are enforced at the infrastructure level — no tenant configuration can disable them
Prompt injection attempts are detected and blocked — users cannot manipulate the AI into bypassing business rules

Tenant Isolation
Complete Separation

Ochre Sail is a multi-tenant platform, but each tenant operates in complete isolation. Your data, conversations, and configurations are never visible to — or accessible by — any other client on the platform.

Row-level security enforced at the database layer for every query — no application-level bypass possible
Each tenant's AI context is fully scoped — the AI cannot access or reference data from any other tenant
Tenant identifiers are cryptographically validated on every API request
Configuration changes, conversation logs, and analytics are fully siloed per tenant

Access Control
Role-Based

Access to the platform is governed by a four-tier role hierarchy. Each role has precisely scoped permissions — no user can access data or perform actions beyond their assigned role.

platform_owner — full platform administration, all tenant access
platform_operator — operational access across tenants, no billing or infrastructure changes
client_admin — full access to their own tenant, no cross-tenant visibility
client_staff — read/respond access within their tenant, no configuration changes
Chat widget tokens signed with HMAC-SHA256 — forgery or replay attacks are rejected at the API boundary

Audit Trail
Immutable Logging

All significant platform actions generate an immutable audit event. This provides a complete, tamper-proof record of what happened, who did it, and when — useful for both security investigations and operational accountability.

All module operations logged — every AI action, response, and configuration change recorded
Configuration changes tracked with full before/after diffs — no silent mutations
User authentication events (login, logout, failed attempts) logged with IP and timestamp
Audit logs are append-only — existing records cannot be modified or deleted

Compliance Posture
OWASP • PCI-Aware • GDPR-Friendly

We take a security-first approach to development and operations, with specific attention to the compliance requirements most relevant to our clients' industries.

OWASP Top 10 addressed in application design — injection, broken access control, and cryptographic failures are specifically mitigated
PCI-aware card data redaction — payment card numbers detected and stripped before reaching AI models or logs
GDPR-friendly data retention controls — clients can request data deletion and manage retention periods
SOC 2 compliant infrastructure through Vercel and Supabase hosting providers

Infrastructure

Built on Proven Foundations

We don't build our own data centers. We use the same infrastructure trusted by thousands of enterprise companies worldwide.

Vercel

Application hosting and edge delivery. SOC 2 Type II certified. Global CDN with DDoS protection built in. Automatic SSL certificate provisioning and renewal.

Supabase

Managed PostgreSQL database with row-level security, built-in auth, and point-in-time recovery. SOC 2 Type II certified. Hosted on AWS infrastructure with data residency controls.

Claude AI (Anthropic)

All AI inference runs through Anthropic's Claude API. Anthropic is a safety-first AI company with enterprise data handling agreements, no training on customer data by default, and rigorous content policy enforcement.

Responsible Disclosure

Found a Security Issue?

Report a Vulnerability

We take security reports seriously and respond promptly. If you've found a potential vulnerability in the Ochre Sail platform, please contact us privately before any public disclosure.

Email: security@ochresail.com

When reporting, please include:

1. A description of the vulnerability and which component or feature is affected
2. Steps to reproduce the issue, or a proof-of-concept if applicable
3. Your assessment of the potential impact
4. Any suggested mitigations, if you have them

We'll acknowledge your report within 48 hours, keep you updated on our progress, and give credit to researchers who report valid issues — unless you prefer to remain anonymous. Please give us reasonable time to address the issue before any public disclosure.

Questions About Our Security Practices?

We're happy to discuss our security posture with prospects, existing clients, or security researchers. Reach out directly.