Security

Security you can build on.

Aethera is engineered with zero-trust principles and defense in depth, so your work stays private, segregated, and encrypted at every layer.

We never use your content to train models. Your data is yours to keep, and yours to delete.

How we protect your data

Defense in depth, at every layer.

TLS 1.3 with HSTS for everything in transit, and AES-256 for everything at rest.

JWT-based sessions and OAuth 2.0 sign-in with Google and Microsoft, with role-based access enforced on the client, the server, and the API.

PostgreSQL Row-Level Security keeps every organization’s data isolated, and parameterized queries are used throughout.

Rate limiting, strict input validation, idempotency keys, and HMAC-signed webhooks guard every entry point.

An isolated processing environment, strict firewall and IP allowlisting, and secrets injected at runtime, with zero credentials in our code.

Real-time error tracking and immutable audit logs for sensitive actions, so changes stay traceable.

Compliance

We are not yet certified, but our controls were purpose-built to map directly to these frameworks, and we are actively working toward certification.

In progress

Controls for logical access, system monitoring, and change management align with the Trust Services Criteria.

In progress

Our security management foundation aligns with key Annex A controls for access, operations, and development.

Built in

Privacy by design: IP anonymization and row-level data segregation are part of the architecture.

Safeguards in place

The technical safeguards for access control, audit control, and transmission security are implemented.

If you believe you have found a security issue, please email us so we can look into it quickly and responsibly.

Start in three minutes

No credit card required. Starter credits are included, so you can try the agent, the connectors and every model from your first prompt.