Security & Compliance

Enterprise-grade security and access control

Data Plus Lab is built so that an AI assistant over your company knowledge never becomes a way to bypass your existing permissions. Access is enforced before retrieval, everything is logged, and you can keep data in your own infrastructure.

Permission-aware retrieval

Access control isn't a filter applied after the fact — it's enforced in SQL at the retrieval layer, combining role-based (RBAC) and attribute-based (ABAC) checks. The AI never receives a document the requesting user isn't already authorized to read, so answers can't leak restricted content.

Encryption in transit and at rest

All traffic is served over TLS, and connector credentials are encrypted at rest. Secrets are never stored in plaintext, and access to production systems is restricted and logged.

Immutable audit trail

Every query, generated answer, and administrative action is written to an append-only audit log with full traceability — the evidence trail security, compliance, and legal teams need for reviews and investigations.

Multi-tenant isolation

Every record is scoped to its workspace, and queries are filtered by tenant so one organization's knowledge can never surface in another's answers.

Responsible AI data handling

Your workspace content is not used to train foundation models. Data sent to the language-model provider for inference is governed by data-handling agreements and is not retained beyond serving the request.

Self-hosting option

Need your data to never leave your own infrastructure? A self-hosting option lets you run the platform inside your own environment while keeping the same permission and audit guarantees.

Learn more

Security questions for procurement?

Reach out and we'll walk your team through our controls, or start free to evaluate it yourself.