Security is architecture, not a feature.
LuxoAI is built for organizations where a data breach, an unauditable AI decision, or a compliance gap carries real consequences. This page explains how we are built, what we are working toward, and what we can discuss with your security team today — honestly.
Require a security questionnaire, vendor risk assessment, or data processing agreement? We have standard documentation ready. Start the conversation.
Architecture and roadmap
How we think about security.
Tenant isolation by design
Our architecture is built around complete per-tenant isolation — dedicated environments, no shared data paths between customers. This is a foundational architectural decision, not a configuration option. Your agents cannot access another customer's data because they run in an entirely separate environment.
Encryption at every layer
All data is encrypted at rest and in transit. Tenant-specific encryption keys. No plaintext customer data is ever accessible outside the tenant's own environment — including to LuxoAI engineers during normal operations.
SOC 2 Type II — in progress
We are actively working toward SOC 2 Type II certification. Our controls are designed and documented to meet those requirements from the start. Current progress documentation is available on request — we do not wait for certification to engage with your security team.
Immutable audit trail
Every agent action, data access, and configuration change is logged with timestamp, actor, and context. Audit logs are immutable and exportable in standard formats. Built into the architecture from day one — not an optional add-on.
Role-based access controls
Principle of least privilege enforced by default. Role-based access control at every layer. SSO support via SAML 2.0 or OIDC on the roadmap. We discuss your specific access requirements early in the engagement process.
No training on your data
Your data is never used to train, fine-tune, or improve any model — ours or a third party's. This is an architectural constraint, not a policy that can change with a terms update. Your environment operates independently from ours.
Deployment
Your infrastructure. Your rules.
LuxoAI is designed to deploy entirely within your environment. Your data never needs to leave your perimeter to operate.
On your cloud account
AWS · GCP · Azure
The standard deployment model runs entirely within your cloud account. No data leaves your VPC. You retain full ownership of the infrastructure, the keys, and the data. We manage the agents; you manage the perimeter.
On-premises
Air-gapped available
For organizations with strict data residency requirements. Fully air-gapped deployments with no required outbound connections — behind your firewall, on your hardware, under your security policies. We have designed for this environment from the start.
Security FAQ
Questions we get from security teams.
Where does our data go?
Nowhere outside your environment during operation. Agents run inside your cloud account or on-premises infrastructure. There is no data path from your environment to LuxoAI systems.
What happens to our data if we terminate the contract?
Your data remains in your environment — we do not hold a copy. You retain full ownership and control at all times. Termination requires no data return process because we never held the data.
Do LuxoAI engineers have access to our data?
No, by architecture. Engineers can access deployment configuration metadata but not customer data. Access to the customer environment is only possible with explicit, time-limited authorization from the customer.
Can the deployment be fully air-gapped?
Yes. We support fully air-gapped on-premises configurations with no required outbound network connections. This is designed for environments with the strictest data residency and security policies.
What compliance frameworks does LuxoAI support?
Our architecture is designed to be compatible with GDPR, Swiss DPA, FINMA outsourcing requirements, and GxP validation requirements. SOC 2 Type II certification is in progress. We work directly with your compliance team on your specific framework requirements.
What AI models are used, and can we control this?
We work with leading model providers and can discuss the specific models used in your deployment. For air-gapped or fully private deployments, we support open-weight models that run entirely on your infrastructure with no external API calls.
Security review
Working through a security review?
We engage directly with security teams early in the process. Tell us your requirements — data residency, compliance frameworks, access controls, deployment model — and we will walk you through exactly how we address them. Standard security questionnaire documentation is available within one business day.
Start the conversationMention your security review — we respond within one business day.