Security
Your data. Your credentials. Your trust.
Here's exactly how we protect them.
AES-256-GCM Field Encryption
Every credential stored in OIKON — OAuth tokens, API keys, connection secrets — is encrypted with AES-256-GCM before it reaches the database. We use purpose-specific derived keys so compromising one data class cannot expose others.
Enterprise plans include Bring Your Own Key (BYOK). Revoke your key, and your data becomes permanently unreadable — even to us.
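The key-separation idea in the paragraph on purpose-specific derived keys can be sketched as follows. This is an added example, not OIKON's code: the HKDF-SHA256 derivation, the purpose labels, the `field-enc:` info prefix and the record layout are all assumptions made for illustration.

```javascript
// Added illustration, not OIKON's implementation. Assumed: HKDF-SHA256 derivation,
// purpose labels, and the record layout nonce(12) || tag(16) || ciphertext.
const nodeCrypto = require('node:crypto');

// Derive an independent 256-bit key for one data class from the master key.
function deriveKey(masterKey, purpose) {
  const info = Buffer.from(`field-enc:${purpose}`); // hypothetical label format
  return Buffer.from(nodeCrypto.hkdfSync('sha256', masterKey, Buffer.alloc(0), info, 32));
}

function encryptField(masterKey, purpose, plaintext) {
  const key = deriveKey(masterKey, purpose);
  const nonce = nodeCrypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(purpose)); // bind the ciphertext to its data class
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]);
}

function decryptField(masterKey, purpose, record) {
  if (record.length < 28) throw new Error('record too short');
  const key = deriveKey(masterKey, purpose);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, record.subarray(0, 12));
  decipher.setAAD(Buffer.from(purpose));
  decipher.setAuthTag(record.subarray(12, 28));
  // final() throws if the key, purpose, or ciphertext does not match the tag
  return Buffer.concat([decipher.update(record.subarray(28)), decipher.final()]).toString('utf8');
}

// True when the record fails authentication under the given purpose.
function rejects(masterKey, purpose, record) {
  try { decryptField(masterKey, purpose, record); return false; } catch { return true; }
}

// Constructed demo values, not real secrets.
const demoMaster = Buffer.alloc(32, 7);
const demoRecord = encryptField(demoMaster, 'oauth_token', 'constructed-token-value');
console.log(decryptField(demoMaster, 'oauth_token', demoRecord));
console.log('api_key purpose rejected:', rejects(demoMaster, 'api_key', demoRecord));
```

A record written under one purpose fails authentication under any other, so code holding only the derived key for one data class cannot read another class.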
Your Data Never Trains AI Models
Before data reaches an AI provider, we redact personally identifiable information — customer names, addresses, dates — and replace them with placeholders. The AI generates responses using redacted context. We rehydrate with real data only after the response returns to our servers.
Your business intelligence stays under your control.
Every Credential Access Is Logged
Every time an OAuth token is decrypted — by a worker, a skill, or an API call — we log who accessed it, when, and why. Your credential access log is available in your portal dashboard.
Organization Boundaries at Every Layer
Every database query enforces organization-level scoping. Your data is invisible to other tenants — not through application logic alone, but through database-level security policies.
Agents access only their organization’s data. Cross-tenant access is architecturally impossible.
Saudi Arabia Data Protection
OIKON is designed for compliance with Saudi Arabia’s Personal Data Protection Law (PDPL). We implement purpose limitation, data minimization, and provide data subject access capabilities.
Enterprise customers receive a full Data Processing Agreement.