How AI Analyst protects your data at every layer.
AI Analyst uses a schema-only architecture designed to minimize data exposure. When you ask a question, only your table structure (column names and data types) is sent to our AI models for SQL generation. The generated SQL is then executed locally on our servers against your data. Your actual data rows are never transmitted to any AI provider.
TLS 1.3 for all data in transit. AES-256 for all data at rest. Database connections use SSL with certificate verification. All encryption keys are managed via industry-standard KMS.
Our AI models only receive table names, column names, and data types. Sample values (used for better SQL generation) are limited to 3 values per column and are anonymized. No raw data rows are ever sent.
Our state-of-the-art AI infrastructure partners operate under strict zero-data-retention policies. Inputs are processed to generate responses and are immediately discarded. They are never stored, logged, or used for model training.
Our AI infrastructure partners maintain SOC 2 Type II, ISO 27001, and GDPR compliance. Payment processing by Stripe is PCI DSS Level 1 compliant. Authentication by Clerk is SOC 2 Type II certified.
Each user's data is stored in isolated per-user database containers. There is no shared storage between accounts. Administrative access to production data requires multi-factor authentication and is fully audited.
Delete any uploaded dataset anytime — deletion is immediate and permanent. Account deletion removes all data within 30 days. We never retain data after deletion requests.
If you discover a security vulnerability, please report it to support@agenticanalyst.io. We take all reports seriously and will respond as soon as possible.