Security
Your documents are sensitive. We built the platform around that fact, not as an afterthought.
Our stance
Many of our customers work in sensitive industries. Security isn't a compliance checkbox for them, so it isn't one for us. Inquisita is built with enterprise-grade security so your data stays protected.
Data handling
The most common question in a security review is “what are you going to do with our data?” Our answer is short: we process it to serve your queries, we encrypt it everywhere it lives, and we delete it when you tell us to.
Inquisita processes your documents to answer your queries and nothing else. We don't fine-tune on customer content, we don't share it with model providers for training, and we don't mine it for analytics. The only reason your documents exist in our system is so your agent can act on them.
Documents, extracted content, embeddings, and metadata are encrypted at rest with AES-256, and all connections are encrypted with TLS 1.2 or higher. Encryption keys are managed in a dedicated key-management service with automatic rotation.
Delete individual documents, entire matters, or your full account. When you delete, we delete. Documents drop from object storage, from search indexes, and from backups within the retention window required for billing records. No soft-deletes lingering in a spreadsheet somewhere.
Access & isolation
Our data storage follows industry best practices for multi-tenant isolation. We ensure that data can only be accessed by authenticated customers, and everything else of consequence is logged.
Every customer has a logically separate data space. Access is gated by authentication and tenant-scoped authorization on every request, so another customer can't see your data, and our internal tooling doesn't see it either.
Every upload, query, analysis job, deletion, and permission change is written to an append-only audit log with actor, timestamp, and context. If something looks off in your workspace, you can reconstruct what happened without filing a support ticket.
Infrastructure
We build on hardened cloud infrastructure behind private networking, with infrastructure-as-code deployments and automated patching. Proven primitives at the base free our security investment to concentrate on the parts of the stack where customer data actually lives.
Our platform and internal processes follow SOC 2 controls: access reviews, change management, incident response, vendor reviews, and more. We're happy to share our current posture and where we are on the Type II timeline under NDA.
We only collect and store the information you ask us to. No behavioral analytics, no session replay, no profile building, no third-party trackers on our app.
We're happy to walk through our security posture, answer questionnaires, or discuss specific compliance requirements. Reach out at security@inquisita.com.