Security at Perpendo

Your data, your keys, your control.

Perpendo is built on a simple principle: your data belongs to you. We designed every layer of the platform to minimize our access to your information while maximizing your control.

Bring Your Own Keys (BYOK)

  • You provide your own API keys from AI providers.
  • We never see your keys in plaintext.
  • Keys are encrypted with AES-256-GCM using a passphrase that only you know.
  • The passphrase is never stored — it exists only in your browser’s memory during your session.
  • Even if our database were compromised, your API keys would be unreadable without your passphrase.

Data Isolation

  • Every user’s data is completely isolated in the database.
  • All database queries are scoped by user ID — no user can access another user’s data.
  • Conversations, prompts, agents, API keys, and settings are all per-user.
  • Built-in content (default agents, prompts) is read-only and shared; user-created content is private.

Encryption

  • API keys: AES-256-GCM with user-specific passphrase.
  • Data in transit: TLS 1.3 (HTTPS everywhere).
  • Data at rest: database encryption provided by infrastructure provider.
  • Authentication: secure JWT sessions via NextAuth.js.

Infrastructure

  • Hosted on Railway (US-based).
  • PostgreSQL database with automated backups.
  • No server-side logging of conversation content.
  • No analytics tracking of conversation content.

Authentication

  • Google OAuth 2.0 for secure sign-in.
  • JWT-based sessions.
  • No passwords stored (authentication is delegated to Google).

What We Don't Do

  • We never read your conversations.
  • We never train AI models on your data.
  • We never sell or share your data with third parties.
  • We never store your API keys in plaintext.
  • We never log API requests or responses.
  • We don’t use advertising cookies or third-party trackers.

Self-Hosted Security

  • Data never leaves your machine (except API calls to AI providers you initiate).
  • SQLite database stored locally with no remote access.
  • API keys encrypted with AES-256-GCM, same as the cloud version.
  • No telemetry or phone-home beyond license validation and version check.
  • Local model support via Ollama means conversations can be fully air-gapped (no API calls at all).
  • Users are responsible for their own machine security, OS updates, and network configuration.

Responsible Disclosure

If you discover a security vulnerability, please email security@perpendo.app. We take all reports seriously and will respond within 48 hours.

Compliance

  • Perpendo follows SOC 2 principles in its security design (not yet certified).
  • GDPR: users can access, export, and delete all their data.
  • We do not process HIPAA-protected data — Perpendo is not designed for healthcare PHI.

Security questions? security@perpendo.app