Security

Last updated: 13 May 2026

A short, practical overview of how we secure Aitelier. For the full technical and organisational measures (TOMs) document, write to security@aitelier.org.

Hosting and isolation

Aitelier runs on dedicated Hetzner infrastructure in EU data centres. Every business-data table carries a tenant_id; every database query goes through a Repository that injects the tenant context. Direct ORM access outside Repositories is forbidden and enforced by lint.

Encryption

TLS 1.3 in transit. AES-256 at rest for databases, object storage and backups. Secrets are stored encrypted with a per-environment key; production keys are accessible only via SSO + 2FA.

Access control

Role-based access (Owner / Editor / Viewer) inside each project. SSO via WorkOS / Google / Microsoft. Mandatory 2FA on accounts with billing or admin scope. Production console access requires SSO + 2FA + IP allowlisting + just-in-time approval.

Audit and observability

Structured JSON logs with tenant_id, project_id, session_id. Append-only audit log for sensitive actions (key rotation, exports, plugin secrets). Latency, error rates and goal outcomes tracked per session.

PII handling

Caller phone numbers are masked in non-session logs. Recordings retained per project policy (default 90 days, configurable from 0). Recordings can be excluded entirely for a project.

Vulnerability reporting

We welcome reports from security researchers. Mail security@aitelier.org with details and a proposed disclosure timeline. We will acknowledge within 2 business days and aim to remediate critical issues within 14 days.