Your data, handled with care
We're a young firm — we won't pretend to wave certifications we don't hold. What we will do is be completely transparent about how your data is handled, who can see it, and what we will and won't do with it. Here's exactly how.
Zero Data Retention
No model training on your data
Encrypted End-to-End
TLS in transit · AES-256 at rest
Your Data Stays Yours
We build inside your own accounts
NDA & DPA on Request
Signed before anything sensitive
Data Privacy & Ownership
Unlike a public AI chatbot, Echelon builds bounded systems inside your own accounts. The agents run on your tools, with your data — and we use model providers whose APIs don't train on your inputs. Your data stays within your boundary, and you own everything we build.
What happens to your data
Prompts and documents move over an encrypted (TLS) connection.
Sent to a model provider whose API doesn't train on it.
Results return to your application; transient buffers are cleared.
We keep only the operational metadata needed to run and bill the system.
How access is controlled
Encryption in Transit
Data moves over TLS — no plaintext over the wire.
Encryption at Rest
Stored data and backups are encrypted at rest by our infrastructure providers (Supabase, Vercel).
Role-Based Access Control
Access is enforced with Supabase Auth and Row-Level Security, scoped per client workspace.
No Training on Your Data
We use model providers whose APIs don't train on your inputs or outputs (e.g. Anthropic). Zero-retention available where supported.
Scoped, Revocable Access
Agents connect to your tools with least-privilege, per-client credentials you can revoke at any time.
Audit Logging
Dashboard and API actions are logged so there's a record of what happened and when.
Legal & data documents
The agreements that govern how we work with your data.
Have a security question?
We'll happily walk through how your data is handled, sign your NDA, or fill out your security questionnaire.