Security

Trust is our foundation

Permission-aware AI that respects your data governance and shows its work.

We're still building.

This page describes our planned security approach, not production systems. If you're exploring efilo for regulated environments, talk to us directly.

Our Approach

Security by design

Trust and transparency are built into every layer of efilo.

Permission-Aware Architecture

Inherits access controls from source systems. Users only see data they're authorized to view.

  • Real-time permission synchronization
  • Role-based access control
  • Source system permission inheritance
  • Granular access policies

Source Citations

Every answer traces to original documents. No black box AI—full transparency always.

  • Direct links to source documents
  • Audit trail of all queries
  • Response provenance tracking
  • Citation verification

Human-in-the-Loop

Review before action. Approval workflows for sensitive operations.

  • Review and approve workflows
  • Override capabilities
  • Configurable approval chains
  • Action audit logging

Data Governance

Your data stays under your control. We never train on customer data.

  • Data residency options
  • Encryption at rest and in transit
  • No training on customer data
  • Data retention controls
Architecture

How we protect your data

Every layer is designed with security in mind.

Your Data Sources

Files, emails, SharePoint remain in your control with existing access policies

efilo AI Layer

Permission-aware indexing. Only processes what users can access.

Cited Responses

Every answer traced to sources. Full audit trail maintained.

Compliance

Committed to compliance

Certifications are a priority. We'll update this page as we make progress.

SOC 2 Type II

Planned

Security, availability, and confidentiality controls

ISO 27001

Planned

Information security management

GDPR Compliance

Planned

European data protection requirements

FAQ

Common security questions

Get answers to frequently asked security questions.

Where is my data stored?

Your data is stored in secure, SOC 2 compliant cloud infrastructure. We offer data residency options for organizations with specific geographic requirements.

Who can access my information?

Only users with appropriate permissions in your source systems can access data through efilo. We inherit and respect all access controls from your connected systems.

How do citations work?

Every AI response includes direct links to the source documents used to generate the answer. You can click through to verify information and see the full context.

Can efilo take actions automatically?

No. efilo operates with human-in-the-loop controls. All actions require explicit user approval before execution. You always stay in control.

Do you train AI models on my data?

No. We never use customer data to train our AI models. Your proprietary information remains yours and is only used to serve your queries.

What happens if I disconnect a data source?

When you disconnect a data source, the indexed content from that source is immediately removed from efilo. We don't retain copies of your data.

Have more security questions?

Our team is happy to discuss your security requirements.