Security and Privacy
Security, privacy, and compliance at eesel AI
eesel AI takes security and privacy seriously. We're committed to protecting your data and meeting the compliance standards your organization requires.
Please review the resources below. If your questions aren't answered here, contact us.
Resources
Compliance
Storing and processing data
Your knowledge sources are securely stored in a SOC 2 Type II certified vector database as embeddings (mathematical representations). These embeddings are what allow your agent to find relevant answers.
When a request is made, the agent uses embeddings to find related content and shares only specific relevant snippets with the AI model to generate a response.
Your data is used only to train your agent and generate responses
Your data is never used to train our underlying AI models
Data is isolated per workspace — your content is never shared with other customers
EU Data Residency
EU data residency is available upon request — your data will be hosted exclusively on EU servers. Our subprocessors (including OpenAI and Pinecone) are SOC 2 Type II certified for data security.
Contact us if you want to be hosted on EU servers.
Data retention
Your data is retained as long as your account is active
When you disconnect an integration or delete knowledge sources, the associated data is removed
When you cancel your account, all data is deleted after a retention period
Custom data retention options are available — contact us with your specific requirements
Encryption
Data is encrypted in transit (TLS 1.2+)
Data is encrypted at rest
API tokens and credentials are stored using industry-standard secret management
Access control
Authentication via secure login (MFA available — contact us to enable)
Role-based access control for team members (see Account Management)
API access is scoped per integration — we request only the permissions we need
AI model security
eesel AI uses leading AI models (OpenAI, Anthropic, Google) to power agents
Your data is sent to these model providers only for inference (generating responses)
No model provider stores or trains on your data
The AI model is never given API tokens or direct access to your integrations — it only works with a copy of the data you explicitly share
We maintain agreements with all AI model providers to ensure data protection
FAQ
How does eesel handle prompt injection attacks?
The AI model is never given a token or API access to look at your data via tools or any other means, so prompt injection is not possible. Each agent has a separate copy of the data and can access nothing else — this copy is maintained programmatically.
How do we ensure only certain content is shared with the agent?
The AI model is never given a token or API access to your connected tools. It only works with a copy of the data you explicitly share with the agent, and that copy is maintained programmatically.
Is eesel AI HIPAA and BAA compliant?
No, eesel AI is not HIPAA and BAA compliant. However, we work with several healthcare companies. We recommend exploring custom data retention options with us — contact us with your specific requirements.
Does eesel have indemnity insurance?
Yes. Contact us for more details.
Questions?
If you have security or compliance questions, or need to complete a security questionnaire:
Email: [email protected]
Support: Contact us
We're happy to work with your security team on assessments and provide any documentation you need.