Enterprise-grade security

Security & Trust

Ketchbot handles sensitive organizational data. We take that responsibility seriously with encryption, isolation, and strict access controls at every layer.

Our commitment

Never trains on your data

Your organizational data is never used to improve AI models. Your information stays exclusively yours.

Write actions require your intent

Ketchbot reads from your tools by default. Any write action (creating tickets, posting comments) requires explicit user request and is audit-logged.

Never shares across orgs

Your data is isolated at every layer through row-level security, AES-256 credential encryption, and strict tenant isolation.

Data lifecycle

Security at every stage — from ingestion to storage

Ingestion: OAuth read-only · TLS 1.3
Processing: API-only LLM (no training) · DLP filters
Storage: AES-256-GCM · Row-level security

Security pillars

Six layers of protection for your organizational data

Encryption everywhere

AES-256-GCM encryption for all API tokens and credentials
TLS 1.3 for all data in transit
API keys and tokens encrypted at rest (AES-256-GCM)
Zero plaintext secrets in logs or error reports

Infrastructure

Managed cloud infrastructure with automated failover
PostgreSQL with row-level security on every table
Automated backups with point-in-time recovery
Row-level security isolation between tenant environments

Data access

Reads by default — writes only on explicit user request
No training on your data — never used to improve models
Full audit logs of every AI action and data access
Data deletion on request (GDPR)

Compliance

GDPR-ready data handling and deletion
Configurable data retention policies
Audit log retention up to 365 days
Role-based access control with admin oversight

Authentication

OAuth 2.0 for all integrations — no stored passwords
Session-based auth with secure HTTP-only cookies
Magic link login support (passwordless)
Invite-based team onboarding

Permissions model

Organization-level data isolation
Team-scoped access controls
Integrations connect as read-only; write scopes enabled per-tool
Granular connector-level access management

What Ketchbot actively prevents

Built-in safeguards that work automatically, without configuration

PII REDACTION

Accidental PII exposure

DLP filters automatically detect and redact personal information before it reaches any external channel.

SECRET PROTECTION

Secret & credential leakage

API keys, tokens, and passwords are caught and blocked from appearing in any AI response or summary.

TENANT ISOLATION

Cross-org data bleed

Row-level security ensures complete data isolation. One organization can never access another's data, by architecture, not policy.

GDPR ready
AES-256 credential encryption
Data deletion on request
7–365 day audit retention
Zero AI training on data

Questions about security?

We're happy to discuss our security practices in detail. Schedule a security review or submit your vendor questionnaire.