Security & Trust

Built for sovereign AI deployments in regulated environments.

Security Principles

Oikyo is designed around a simple principle: your models and training data should stay inside your boundary.

  • Sovereign by design: Training, evaluation, and inference run in your infrastructure.
  • Minimal telemetry: Console authentication and configuration events are logged to help operate the service—model payloads and training data are not.
  • Defense-in-depth: Encryption in transit, least-privilege access, and environment isolation.

Enterprise Controls

  • RBAC & Teams: Fine-grained roles for administrators, operators, and reviewers.
  • Audit Trail: Git-native history of experiments, configurations, and deployments.
  • Environment Isolation: Separate workspaces for development, staging, and production.
  • API Keys: Scoped API tokens for automation and integration.

For more implementation details, see the console security page at console.oikyo.ai/security.

Compliance Roadmap

We are building toward:

  • SOC 2 Type II
  • GDPR-aligned data processing with customer-specific DPAs
  • CCPA/CPRA support and data subject workflows

Draft legal documents, including our Privacy Policy, Terms of Service, DPA template, and Acceptable Use Policy, are available via the console and are intended for review by your legal counsel.