Trust Center
ThothOS is multi-tenant B2B software, so trust is the product. This page pre-answers the security questions buyers ask (the CAIQ/SIG set) with what we actually do today — every control below is enforced in code and, where noted, continuously verified by an automated test gate. For the legal terms see our DPA, Privacy Policy, and Sub-processor list.
Tenant isolation (can company A ever see company B’s data?)
- One identity chokepoint. Every request passes through a single middleware that is the only place permitted to assert who you are; a prior identity-forgery vector was found and closed.
- Per-tenant scoping at the data layer. Every data resolver is confined to the caller’s own company — a user in one company cannot reach another’s data even with a forged request.
- Verified continuously: a role-matrix suite runs 312 checks across every dashboard route × role with 0 failures, plus a cross-tenant isolation gate on every deploy.
- Regressions are blocked at build time — static guards fail the build on any change that would open a cross-tenant hole.
Encryption & key management
- Encryption in transit (HTTPS/TLS) everywhere.
- Encryption at rest for personal identity data (email, phone, address) with searchable blind indexes.
- Field encryption uses versioned keys — keys can be rotated without re-exposing or losing data.
- Session tokens are stored only as SHA-256 hashes, never in clear text.
Access control & authentication
- Role-based access control (RBAC) enforced per employee within each company.
- Multi-factor authentication (MFA) available.
- Sessions validated server-side on every request.
Audit logging
- Tamper-evident, hash-chained audit logging with long-term archival, plus an automated chain-verification job.
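How a hash chain and a chain-verification job of this kind work, as an added illustration that is not ThothOS code: each entry's hash covers its sequence number, the previous entry's hash and the record, so an edit or deletion breaks verification at a specific index. The field names, the all-zero genesis value and the separately stored head hash are assumptions made for the example.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # constructed anchor used as prev_hash of the first entry

def entry_hash(seq, prev_hash, record):
    # Canonical JSON: identical content always serializes to identical bytes.
    material = json.dumps({"seq": seq, "prev": prev_hash, "record": record},
                          sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(material.encode("utf-8")).hexdigest()

def append(log, record):
    seq = len(log)
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"seq": seq, "prev_hash": prev, "record": record,
                "hash": entry_hash(seq, prev, record)})

def verify_chain(log, expected_head=None):
    """Return (ok, index of first bad entry or None, reason)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["seq"] != i:
            return (False, i, "sequence gap")      # entry removed or reordered
        if entry["prev_hash"] != prev:
            return (False, i, "broken link")       # predecessor was replaced
        expected = entry_hash(i, prev, entry["record"])
        if not hmac.compare_digest(entry["hash"], expected):
            return (False, i, "record altered")
        prev = entry["hash"]
    # A shortened log is still internally consistent, so the newest hash must
    # be compared with a copy held outside the log store (assumption).
    if expected_head is not None and prev != expected_head:
        return (False, len(log), "head mismatch")
    return (True, None, "ok")

def build_sample_log():
    # Constructed sample events, not real ThothOS audit records.
    log = []
    append(log, {"actor": "u1", "company": "A", "action": "login"})
    append(log, {"actor": "u1", "company": "A", "action": "role.change"})
    append(log, {"actor": "u2", "company": "A", "action": "export"})
    return log

if __name__ == "__main__":
    print(verify_chain(build_sample_log()))
```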
AI & your data
ThothOS does not use your data to train, fine-tune, or improve any AI model. AI features run on third-party model providers (e.g. Anthropic) as sub-processors under agreements that prohibit training on API-submitted data. Full terms: DPA.
Data lifecycle — retention, export, deletion
- Export: a whole-company data export is available (credential/secret collections are excluded by design).
- Deletion: deleting a company cascades across all of its data as a guarded, coverage-checked operation; the audit trail is retained for compliance.
Reliability & monitoring
- A dependency-aware deep health probe (database, payments, application) backs the readiness check.
- A nightly readiness monitor tracks the live surface and flags any regression.
Compliance posture
SOC 2-aligned controls (the isolation, encryption, audit-logging, and access controls above) are implemented and build-gated. [NEEDS MATTHEW: state the current formal attestation status — SOC 2 Type I/II in progress / date — and attach the report + a completed CAIQ/SIG on request.]
Report a vulnerability
Email [NEEDS MATTHEW: security@ inbox]. We acknowledge and respond promptly. A completed security questionnaire (CAIQ/SIG) and the DPA are available to prospective customers on request.