Security & Trust

Built for security from day one.

Your data stays yours. Always. Sagy is designed with enterprise-grade security practices, and we are actively working toward SOC 2 and ISO 27001 certifications.

Secure by Design

Security is embedded into how Sagy is built.

Backend-only data access

No direct database exposure. All data access routes through secured backend services.

Network isolation

Frontend, backend, and database are isolated with strict network boundaries between them.

Minimal external communication

Strict outbound rules limit what services can reach the internet, minimizing attack surface.

Principle of least privilege

Every service and user receives only the access they need, nothing more.

Our Commitments

What Sagy will never do.

These are hard boundaries, not policies that change with business conditions.

We do not train models on your data

We do not share data across customers

We do not expose your database to the internet

We do not access your data without authorization

Data Flow

How your data flows through Sagy.

Ingestion

Data is ingested from your tools, Slack, Jira, GitHub, and others.

Processing

Data is processed securely within backend services only.

Storage

Data is stored in an isolated, per-customer database.

AI Requests

AI requests are handled through the backend only, never directly from users or the internet.

No Direct Access

No direct access from users or external systems to the database is possible.

Data Protection

Encrypted, isolated, and tightly controlled.

Hosted on Microsoft Azure infrastructure

Encryption in transit (TLS)

Encryption at rest

Isolated storage per customer

Database not publicly accessible

Only accessible by backend services

All connections secured and authenticated

Logical isolation between customers

No cross-tenant data access

Access Control

You control who accesses what.

Role-based access

Admin and User roles with clear permission boundaries across the product.

Strong authentication

Robust authentication policies with session timeouts and account inactivity protections.

Access transparency

Your team manages all users. Sagy engineers have limited, audited access for support only. All access is logged and traceable.

AI & Data Privacy

Your data never trains a model.

No model training on your data

Customer data is never used to train external models, by Sagy, by the cloud provider, or by any third party.

No data retention in AI requests

AI requests are processed with zero data retention on inference endpoints.

Secure API key management

API keys are securely stored, encrypted, and managed, never exposed in logs or client-side code.

Deployment Flexibility

Your data never has to leave your infrastructure.

Sagy can be deployed in your own cloud or on private infrastructure, giving you full data sovereignty.

Azure

Default

Deploy on Microsoft Azure with fully managed infrastructure and automated monitoring.

AWS or GCP

Supported

Deploy in your preferred cloud environment, Amazon Web Services or Google Cloud Platform.

Private infrastructure

Full sovereignty

Deploy on-premise or in an isolated environment. Your data never needs to leave your infrastructure.

Incident Response

If something happens, we act fast.

Immediate notification to the customer

Joint investigation with your IT team

Resolution and mitigation

Written report within 48 hours

Compliance Roadmap

On the path to full certification.

Our architecture already aligns with enterprise security best practices. Certifications are in progress.

SOC 2 Type II

In progress

We are actively working toward SOC 2 Type II certification. Our architecture already follows the required controls.

ISO 27001

Planned

ISO 27001 certification is on our roadmap. Our information security management practices are already aligned.

Our Trust Model

You own your data

You control your infrastructure

We provide secure, continuously improving software

Security questions or documentation requests? admin@sagy.ai