Trust Requires Transparency
When you use an AI agent to handle sensitive work, from proprietary research and confidential documents to business strategy and client data, you need to know exactly how your information is protected. At Iris, security is not a feature we bolted on after launch. It is a foundational design principle that shapes every architectural decision we make. This post provides a transparent look at how we protect your data.
Row-Level Security with Supabase
Iris is built on Supabase, which provides PostgreSQL with row-level security (RLS) policies enforced at the database level. Every query is filtered through RLS rules that ensure users can only access their own data. Even if application-level code contained a bug, the database itself would prevent unauthorized access. This is a fundamentally stronger guarantee than application-only access control.
Our multi-tenancy model, powered by the Basejump framework, provides additional isolation for team and organizational data. Each account's information is logically separated with strict policy enforcement, role-based access control, and audit capabilities.
Encryption at Every Layer
All data transmitted between your browser and Iris servers is encrypted with TLS 1.3. Data at rest in our PostgreSQL database is encrypted using AES-256. File uploads and document storage in Supabase Storage are similarly encrypted both at rest and in transit. API keys and sensitive credentials are managed through environment-level secrets, never stored in code or exposed to the client application.
Data Handling Policies
Our data handling commitments are clear and non-negotiable:
- No Training on User Data — Your conversations, documents, and generated outputs are never used to train AI models. We use commercial API agreements that explicitly prohibit training on API inputs
- Minimal Retention — We retain only the data necessary to provide the service. Conversation history exists for your convenience and can be deleted at any time
- No Third-Party Sharing — Your data is never sold, shared with advertisers, or provided to third parties for any purpose beyond delivering the Iris service
- Observability Without Exposure — Our monitoring tools, Langfuse and Sentry, are configured to avoid capturing sensitive user content in logs and traces
SOC 2 Readiness
We are actively working toward SOC 2 Type II compliance, which provides independent, third-party verification of our security controls. This includes formal policies and procedures for access management, incident response, change management, and ongoing risk assessment. Our infrastructure and processes are designed to meet these rigorous standards from the start rather than retrofitting compliance after the fact.
Security is an ongoing commitment, not a checkbox. We continuously audit our systems, update our policies, and invest in protecting the trust our users place in Iris every single day.