Security
1. Infrastructure
Ektie runs on AWS in the us-east-1 and eu-west-1 regions. All infrastructure is managed via Kubernetes (EKS). We maintain separate environments for production, staging, and development — no production data ever touches lower environments.
Automated daily backups run with 30-day retention. We commit to a 99.5% monthly uptime SLA.
2. Data isolation
Every customer workspace runs on a dedicated database. Your CRM records, agent logs, sequences, and workspace data are never commingled with another customer's data.
Workspace routing is enforced at both the application layer and the database layer. A misconfigured request cannot leak cross-tenant data — isolation is structural, not just policy.
3. Encryption
- Data in transit: TLS 1.3 enforced on all endpoints. HTTP requests are redirected to HTTPS; HSTS is enabled.
- Data at rest: AES-256 encryption on all database volumes and backups.
- Key management: Encryption keys are managed via AWS KMS with automatic annual rotation.
4. Access controls
Production access is restricted to named engineers with MFA enforced. Access is granted on a least-privilege basis and reviewed quarterly. All production access is logged and audited.
- We use SSO (Google Workspace) for all internal tooling.
- No contractor or third party has standing access to production systems.
- Access grants are tied to role and reviewed on each team change.
5. AI inference security
Agent tasks use AI inference from OpenAI and Anthropic APIs. We take a deliberate, minimal approach to what gets sent:
- Only the data required for the specific task is sent — we never batch or share workspace data across customers in inference calls.
- Inference requests are made over HTTPS.
- We do not use your data to fine-tune or train models.
- You can review which AI providers are active for your workspace in your workspace settings.
6. Incident response
We maintain a documented incident response plan. For security incidents affecting customer data, we commit to:
- Notification within 72 hours of a confirmed breach (GDPR Article 33 aligned).
- A post-incident report within 14 days.
- A root-cause analysis for any P0 incident.
To report a suspected incident, email security@ektie.com.
7. Compliance
- GDPR: We are GDPR-compliant. A Data Processing Agreement is available on request.
- CCPA: Compliant for California residents.
- SOC 2 Type II: Audit in progress — expected completion Q3 2026.
- OWASP Top 10: We follow OWASP guidelines throughout our development process.
- Penetration testing: Annual independent third-party pen tests.
8. Responsible disclosure
We welcome security researchers. If you find a vulnerability, please report it to security@ektie.com with a description and reproduction steps.
We commit to:
- Acknowledging your report within 2 business days.
- Keeping you updated on our progress.
- Not pursuing legal action against good-faith researchers.
We don't currently offer a bug bounty programme but may in future. We genuinely appreciate the time researchers put into keeping our customers safe.