Security at Argonis AI
Last updated: April 6, 2026
Protecting your data is foundational to everything we build. This page describes the security practices, architecture, and commitments that safeguard your information when you use Argonis AI.
1. Infrastructure & Hosting
Enterprise-Grade Cloud Infrastructure
- All production services run on isolated, containerized compute instances with automatic horizontal scaling and zero-downtime deployments.
- Network traffic is encrypted end-to-end via automatic TLS certificate provisioning and renewal.
- Private internal networking isolates databases and backend services from direct public access.
- A continuous deployment pipeline runs automated build verification before any code reaches production.
- Infrastructure-level DDoS protection and rate limiting are applied at the edge.
2. Data Encryption
Encryption at Every Layer
- In transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. HTTPS is enforced on all endpoints with no fallback to unencrypted connections.
- At rest: All persistent data, including chat history, account information, and uploaded files, is encrypted at rest using AES-256 encryption on the storage layer.
- Passwords: Authentication credentials are hashed using the bcrypt adaptive hashing algorithm with computationally appropriate salt rounds. Argonis AI never stores, transmits, or has access to your plaintext password at any point.
- API keys and secrets: All internal service credentials and API keys are stored as encrypted environment variables, never committed to source code or version control.
3. Authentication & Access Control
Multi-Layered Session Security
- Session management: Authenticated sessions use cryptographically signed JSON Web Tokens (JWT) delivered via HTTP-only, Secure, SameSite cookies that are inaccessible to client-side scripts.
- Social authentication: Optional OAuth 2.0 sign-in is available via Google, GitHub, Apple, and other identity providers. Argonis AI never receives or stores your third-party account password.
- Rate limiting: All authentication endpoints are rate-limited to prevent brute-force attacks and credential stuffing. Repeated failed attempts trigger progressive delays.
- Account recovery: Password reset flows use time-limited, single-use cryptographic tokens delivered to your verified email address.
4. Payment Security
PCI DSS-Compliant Payment Processing
- All payment processing is handled by a PCI DSS Level 1 certified third-party processor. Argonis AI never receives, processes, stores, or has access to your full credit card number, CVV, or bank account details.
- Payment tokens are used for subscription management. These tokens cannot be used to reconstruct your original payment credentials.
- Subscription management, billing history, and payment method updates are handled through the processor's secure hosted portal.
5. Data Handling & Retention
Your Data, Your Control
- Storage location: All user data is stored in United States-based infrastructure.
- Chat history: Your conversation history is stored with your account and is accessible only to you. You can view and delete individual chats or your entire history at any time through your Account Settings.
- Uploaded files: Files shared in conversations are processed in memory and are not permanently stored beyond the session context unless explicitly saved by you.
- Memory and personalization: Argonis AI may derive contextual memory from your conversations to improve future relevance. You can view, manage, and delete stored memories at any time in your Account Settings. Memory extraction can be disabled entirely.
- Account deletion: You may request complete deletion of your account and all associated data at any time. Deletion requests are processed in accordance with our Privacy Policy.
6. AI Infrastructure
Proprietary Processing Pipeline
- All prompts, messages, and contextual data are processed through Argonis AI's proprietary infrastructure.
- Your conversations and content are not used to train, fine-tune, or improve third-party AI models or systems. This is a binding commitment described in our Privacy Policy.
- AI-generated outputs are clearly identified as machine-generated and should be independently verified before reliance for critical decisions.
- The system prompt, model configuration, and orchestration logic are proprietary and not exposed to end users or third parties.
7. Monitoring & Incident Response
Continuous Vigilance
- Uptime monitoring: Production services are monitored continuously with automated health checks and alerting for anomalous behavior, elevated error rates, or service degradation.
- Logging: Application logs are collected and retained for security analysis, debugging, and audit purposes. Logs do not contain plaintext passwords, payment credentials, or full conversation content.
- Incident response: Argonis AI maintains defined incident response procedures. In the event of a security incident affecting user data, affected users will be notified in accordance with applicable law and our Privacy Policy.
- Dependency management: Third-party dependencies are monitored for known vulnerabilities and updated on a regular cadence.
8. Responsible Disclosure
Report a Vulnerability
If you discover a security vulnerability in Argonis AI, we encourage responsible disclosure. Please report it to:
Email: [email protected]
- We will acknowledge receipt of your report within 48 hours.
- We will work with you to understand and validate the issue.
- We will not take legal action against security researchers who act in good faith and comply with this disclosure policy.
- Please do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it.
This page describes current security practices as of the date above. We continuously evaluate and improve our security posture. For questions about our security practices, contact [email protected].