At AnswerVault, security is not an afterthought. We build security into every layer of our architecture to ensure your data remains protected and under your control.
Data Encryption
All data is encrypted both in transit and at rest:
- In transit - All connections use TLS 1.3. Communication between internal services uses mutual TLS (mTLS).
- At rest - All stored data is encrypted using AES-256-GCM. Encryption keys are managed through dedicated key management services and are never stored alongside the data they protect.
- Credentials - OAuth tokens and authentication credentials are encrypted using AES-256-GCM with HKDF-derived per-tenant keys, ensuring full isolation between customers.
Authentication and Access Control
- OAuth 2.0 - Secure delegated access to your document repositories without storing passwords.
- Multi-factor authentication - MFA support for all user accounts.
- Role-based access control - Fine-grained permissions ensure users only access authorised documents and features.
- Session management - Secure session handling with configurable timeouts and automatic expiry.
Multi-Tenancy and Isolation
AnswerVault is built as a multi-tenant platform with strict isolation between customers:
- Each tenant's data is logically isolated at the database level
- Per-tenant encryption keys ensure one customer's data cannot be decrypted with another's keys
- All queries are scoped to the authenticated tenant
- Audit logs are maintained per tenant
For Enterprise tier customers requiring complete physical isolation, we offer dedicated single-tenant deployments — separate infrastructure, separate databases, and separate encryption with no shared components. Contact us to discuss your requirements.
Data Residency and the CLOUD Act
The US CLOUD Act (2018) allows US authorities to compel US-headquartered cloud providers to produce customer data regardless of where it is physically hosted. In June 2025, Microsoft confirmed under oath to the French Senate that it cannot guarantee EU data will never be accessed by US authorities.
AnswerVault resolves this architecturally:
- All customer data is processed and stored on EU and UK infrastructure
- No US-headquartered provider has access to your indexed content, embeddings, or queries
- Business and Enterprise tiers offer explicit region selection (EU, UK, or US)
- Data residency settings apply to all processing, including AI inference
For organisations in government, financial services, healthcare, and legal sectors, this is not optional — it is a procurement requirement. AnswerVault is built to meet it.
Infrastructure
- Cloud hosting - Our platform runs on AWS and Azure with infrastructure managed through Terraform for consistency and auditability.
- Network security - Services run in private networks with no direct internet access. All external traffic passes through load balancers and firewalls.
- Containerised workloads - Applications run in isolated containers on managed orchestration platforms.
- Automated deployments - Infrastructure changes go through version-controlled, peer-reviewed pipelines.
AI and Data Processing
When your documents are processed by our AI:
- Document content is processed through our managed AI infrastructure
- We do not use your data to train AI models
- AI-generated responses are not stored beyond the session unless you choose to save them
- All AI processing respects your data residency settings
Audit Logging
A complete audit trail is maintained for all significant actions, including:
- User authentication events (login, logout, failed attempts)
- Document access and queries
- Configuration changes
- Administrative actions
Compliance
- GDPR - Fully compliant with the General Data Protection Regulation. See our Privacy Policy for details on how we handle personal data.
- ISO 27001 - Our information security management practices align with ISO 27001 standards.
- Data Processing Agreements - Available for all paid tiers upon request.
Responsible Disclosure
If you discover a security vulnerability, please report it responsibly by emailing hello@answervault.ai. We take all reports seriously and will respond promptly.
Questions
If you have questions about our security practices, please contact us at hello@answervault.ai.