Security·Your data, your keys, your call

Built so you stay
in control.

Encrypted in transit and at rest. Reads run free; outside-world writes wait for your approval. We don't train on your data and we never share your keys.

Principles

Six commitments we won't bend on.

Encryption everywhere

TLS 1.3 in transit, AES-256 at rest. OAuth tokens and your LLM API keys are encrypted before they touch our database.

We don't train on your data

Your prompts, queries, and results aren't used to train or fine-tune any model — ours or anyone else's.

Approval gate on writes

Reads always run. External writes (publish, fix copy, create a discount) pause for your sign-off — or run on autopilot if you choose.

Bring your own keys

datavessel runs on a BYOK model for LLM providers. You bring Anthropic, OpenAI, or Google keys. We never share them.

Full trace logs

Every agent operation is logged: which tools were called, with what arguments, what came back. Audit anything, any time.

Compliance

GDPR-compliant data handling, industry-standard security practices, and a clear path to delete everything on request.

Transparency

See exactly what
the agent did.

Every run leaves a trail. Which tools were called, with which arguments, what each one returned, how long it took. Open any run, scroll the timeline.

If something went sideways, you don't have to guess — the trace log tells you exactly where.

Trace logs showing full execution history and API call details

Data handling

Three rules we keep.

01

Authorized access only

We only reach the sources you explicitly connect, with the scopes you grant. Revoke any source from the dashboard at any time.

02

Never sold, never shared

Your business data isn't sold, traded, or shared with third parties. It isn't used to train models — ours or anyone else's.

03

You stay in control

Disconnect a source in a click. Delete your account and we erase your data on a clear retention schedule.

Infrastructure

Where it runs.

Google Cloud Platform

Hosted on GCP with regional isolation, automatic backups, and the compliance certifications you'd expect.

Layered protection

  • TLS 1.3 encryption in transit
  • AES-256 encryption at rest
  • Encrypted OAuth tokens and LLM API keys
  • Regular security audits and dependency scans

Try it. Disconnect any time.

Read-only by default. Bring your own key. Delete your data in one click. Nothing locks you in.

Try nowRead the policy