Your data is our focus at Ittes. We pair proven technology with clear agreements, giving you full insight into our work and your options.
IttesAI: security
Private Cloud Servers
Ittes servers are secured with SSH and IP access control at our office locations.
Custom Data Layer
MySQL for structured data, Qdrant for text, and Minio for documents.
Full Encryption
MySQL encrypted at rest, HTTPS for traffic, and TLS for Qdrant communication.
Secure Sign-in
Microsoft 365 login with Entra ID and 2FA.
Secure Passwords
Stored using bcrypt and cross-referenced against known data breaches via the k-anonymity model.
Authentication Security
Rate limiting and protection against user enumeration.
Collaboration with AI Providers
Free AI models often use personal data to train themselves. This doesn’t happen at IttesAI. We work exclusively with paid APIs from reputable AI providers and make clear agreements about how your data is processed. This ensures your information remains secure and confidential.
You Own Your Data
You can delete your user data or your entire workspace with a single action.
Where is your data located?
Our databases and platform run on servers managed by Ittes, hosted by our cloud partner. Server access is handled via the SSH protocol and is only possible from trusted office IP addresses.
MySQL
For tables such as workspaces, users, and conversations. Structured data storage with full encryption.
Qdrant
For tables such as workspaces, users, and conversations. Structured data storage with full encryption.
Minio
For files such as PDF, Word, images, and video. Secure storage with strict access control.
Encryption and transport
MySQL
MySQL is encrypted at rest using Transparent Data Encryption (TDE) based on AES 256 CBC. The MySQL server is located on the same machine as the application, ensuring that internal connections do not leave the device. All external traffic is required to use HTTPS.
Qdrant
Qdrant runs on a separate server for computational power and uses TLS and HTTPS for all communication. Qdrant does not currently offer encryption at rest. The impact of this is only relevant if a server is already compromised. Therefore, we prioritize performance, strict network management, and clear data segregation per customer.
Minio
Minio stores personal files for each customer in separate buckets. The default retention period is 6 months. Encryption at rest is planned for future implementation; in the meantime, access remains restricted and all external traffic uses HTTPS.
FAQ
Is my data used to train AI models?
No. We use paid APIs where data is not used for model training.
What data do you send to an AI provider?
Only what is necessary for the function you are using. For example, your query, relevant conversation context, and in the case of SharePoint, the relevant text snippets that you have approved beforehand.
How secure is the classic login?
Passwords are hashed with bcrypt, emails are encrypted with AES-256 CBC, and we check passwords against known leaks. Brute force attacks are mitigated with rate limiting.
Is everything encrypted?
- MySQL: Fully encrypted at rest.
- Qdrant: TLS for traffic, no encryption at rest.
- Minio: Encryption at rest is planned; traffic is always via HTTPS.
