— Security

The substrate is yours.

Zero-knowledge architecture. No frontier-model API anywhere in the runtime path. Encrypted at rest, encrypted in transit, deletable on demand.

No frontier model

No Anthropic, no OpenAI, no Google, no Mistral, no Meta API call ever fires on your behalf. Reasoning runs on our own Belisama-native engine inside infrastructure we control. Your messages are never seen by a third-party model provider.

Encryption

AES-256 at rest (Postgres column-level for substrate). TLS 1.3 in transit. Per-user substrate envelope keys derived from a server-held master + per-user salt. The substrate row in the database is unreadable without an active user session decrypting it.

Deletion

Settings → Privacy → Delete my substrate. Cryptographic shred within 24 hours. Backups overwritten within 30 days. Cancel deletion within a 7-day grace window.

Export

Signed JSON or CSV, any time, no charge. The complete graph: nodes, edges, metadata, timestamps. Re-import elsewhere or archive offline.

No training on your data

Your conversations and substrate are never used to train any model. The only opt-in flow that contributes to learning is anonymous, summary-only Minima-Cursie coding traces — and you control that switch.

Sovereignty

Primary database in Frankfurt (IONOS). Sydney processing on request for AU residents. Your substrate doesn't cross borders without your permission — see the privacy policy for the SCC framework.

Hardened controls (what we run, end-to-end)

LayerControlWhere to verify
EdgeCloudflare WAF, DDoS L3/4/7, rate-limits per route, bot managementHTTP cf-ray headers; Cloudflare dashboard
TransportTLS 1.3 only, HSTS preload, OCSP stapling. Strict-Transport-Security: max-age=63072000; includeSubDomains; preloadSSL Labs A+ rating · ssllabs.com
BrowserStrict CSP, X-Frame-Options: DENY, Cross-Origin-Opener-Policy: same-origin, Cross-Origin-Embedder-Policy: require-corp, Referrer-Policy: no-referrer, Permissions-Policy locked downsecurityheaders.com
Auth (web)Session cookies with modern password hashing, token hashing at rest, and CSRF protection on all state-changing requests.Public security testing + independent verification available on request
Auth (API)Bearer API tokens hashed at rest with per-key scope and budget controls.Public API behavior + support verification on request
Founder auth3 layers: password → email OTP → TOTP. Founder-only path; everything inside /api/admin/* requires is_founder = TRUE + a TOTP-fresh sessionAudit table: founder_admin_audit
DatabaseProduction data stores are private and reachable only through authenticated service boundaries. Public edge workloads use least-privilege service access, never direct open database ingress.Architecture review available under NDA for enterprise customers
Substrate at restPer-user envelope encryption (AES-256-GCM). Plaintext substrate content is segregated from direct account identifiers in backups.Control evidence available for customer due diligence
SecretsSecrets are held in managed secret stores and rotated on a recurring schedule. No secrets are committed to source control.Rotation policy available on request
BackupsEncrypted periodic backups with retention windows and routine restore testing.Backup and restore controls validated in operations runbooks
LoggingStructured security logging with retention limits and sensitive-path administrative audit trails.Operational audit controls available on request

Reporting a vulnerability

We want to hear from you. Acknowledged within 24 hours; substantive response within 5 business days; disclosure timeline negotiated with you.

Supported versions

Odahl is a single live service — there are no "versions" to keep on life-support. Every patch is rolled out to all users. Old API key formats (fdc_test_… beta keys issued before May 2026) remain valid; if we ever sunset a key format we will give 90 days' notice and roll all affected keys for free.

Threat model summary

We design against four kinds of attacker:

  1. Drive-by abuse — bots, scrapers, password-spray. Mitigated by layered edge protections and route-level rate controls.
  2. Single-account compromise — stolen cookie, leaked password. Mitigated by short session TTL, per-session TOTP gates for sensitive paths, audit log, anomaly alerts on login from new IP/UA.
  3. Sub-processor compromise — one of our vendors is breached. Mitigated by per-user envelope encryption (we never co-locate plaintext + identifier), no third-party model API in the runtime path, secrets rotation, principle of least privilege on every vendor.
  4. Infrastructure compromise — host-level compromise scenario. Mitigated by encrypted substrate storage, scoped credentials, encrypted off-site backups, and an incident-response plan that targets customer notification within 72 hours.

What is not in scope

Honesty up front:

Accessibility

We target WCAG 2.2 AA on marketing and product surfaces. If something blocks you from core tasks, email hello@odahl.ai — we prioritise fixes that remove hard barriers.

Contact

Security: security@odahl.ai. Privacy: privacy@odahl.ai. Founder & DPO: joe@fiduci.group.