🔒 Security & Privacy

Data protection · Access control · Compliance

Privacy Score

98%

Failed Auth (24h)

Active Tokens

247

Last Audit

2d ago

🛡️ Data Privacy Compliance

✅

In-Transit Processing

All customer data processed in memory only — never written to disk on Central

Verified

✅

Zero Data Retention

KB chunks, conversations, and training data deleted from RAM after each request

Verified

✅

Customer Data Isolation

Customer media stored in R2 with per-customer key prefixes — cross-tenant access blocked

Verified

✅

Job Persona Anonymization

Persona patterns contain zero customer-identifying information — verified by automated scan

Verified

✅

WebSocket Encryption

All visitor ↔ Central communication uses WSS (TLS 1.3) — no plaintext ever

Verified

🔐 Access Control

🔑

API Key Validation

Every request validates customer API key + plan tier — expired keys rejected

Active

💀

Customer Suspend

Instant customer suspension capability — blocks all API access

Ready

🛡️

DashScope API Key Rotation

Qwen API keys rotated every 30 days — next rotation in 12 days

On schedule

⚠️

2FA for Admin Dashboard

Two-factor authentication for this dashboard — recommended but not yet enabled

Enable →

📋

Audit Trail

All admin actions logged with IP, timestamp, and action details

247 events today