Security
Last updated June 28, 2026
Security is part of the product: AIOS handles real calls, conversations and contact records. This page summarizes how we protect data and what stage our program is at. AIOS is operated by NoManagement B.V. (Netherlands).
Our approach to security
AIOS handles real conversations, phone calls and contact records, so security is part of the product. We are operated by NoManagement B.V. in the Netherlands and we build to the controls that recognized security frameworks expect: encryption, least-privilege access, strict separation between customers, vaulted secrets, and a tamper-evident record of what happens. This page is a summary of our program, not a contract; the binding commitments are in our Terms, Privacy Policy and Data Processing Addendum.
Encryption
Data is encrypted in transit using current TLS, and data at rest, including the database, the file storage where call recordings live, and backups, is encrypted by our hosting providers. We do not transmit or store personal data in the clear inside the platform.
Tenant isolation
AIOS is multi-tenant and we keep customers separated by design. Every record carries the id of the customer it belongs to, queries are scoped to that id, and one customer's agents, leads and settings are never visible to another. An embedded agent that has not been connected to a CRM only ever sees that customer's own records. Credentials for a CRM or channel you connect are resolved per customer.
Vaulted credentials and secrets
When you connect your CRM or channels, the access token is stored in a dedicated secrets vault, not in an ordinary database row and never in a log. The vault can only be read by our backend service role through narrow, purpose-built functions; the public API, anonymous users and signed-in users have no access to it. Our own service keys live in environment secrets, never in source code, and are rotated when needed. Removing a connection deletes the stored secret.
Access controls and audit logging
Access follows least privilege. User-facing changes are written to an append-only audit trail, and we record access with the actor and the source. The platform watches for and blocks prompt-injection attempts, jailbreak attempts, repeated authentication failures and abnormal access, recording each as a security event for review.
AI safety and data separation
Inputs to our agents are screened for prompt-injection and jailbreak patterns, and suspicious facts are dropped and audited before an agent learns from a conversation. What an agent learns stays within the one customer it serves. We do not use lead data to train models for other customers, and we do not combine one customer's data with another's.
Platform and abuse protections
Public endpoints are rate limited. The embeddable agent widget runs in an isolated frame and the API behind it accepts requests only from the AIOS-served widget. Links we email that can trigger an action are short-lived and cryptographically signed, and the page behind them will not act on a simple link preview. Internal connections between our own services are gated by shared secrets compared in constant time, so a wrong or missing secret disables the path rather than leaking anything.
Data retention and deletion
How long we keep recordings, transcripts and messages is configurable per customer. Requests to delete or export personal data are handled on the controlling party's instruction, and where the law requires us to preserve data for a dispute or investigation, a legal hold can pause deletion for the affected records. The legal detail is in our Privacy Policy and Data Processing Addendum.
Vendors and subprocessor diligence
We use a small set of vetted providers, each bound by contract to protect data and use it only to provide the service to us. The current list is at aios.supply/subprocessors, and we give notice before adding a new one. The CRM and channels you connect are your own systems, which you choose and control; they are not on our subprocessor list.
If something goes wrong (breach response)
We keep a register of any security incident, including when it was discovered, what it affected and how we responded. If a breach affects lead data we handle for a customer, we are the processor and we notify that customer without undue delay so they can meet their own obligations. If a breach affects our own account data, we are the controller and we notify the affected users and the Dutch Data Protection Authority as the law requires.
Reporting a vulnerability
If you believe you have found a security issue, email [email protected] with enough detail to reproduce it. We will acknowledge your report, investigate and keep you updated. We will not pursue legal action against good-faith research that avoids privacy violations, service disruption and access to data that is not yours. Please give us a reasonable chance to fix an issue before disclosing it publicly.
Certifications and where we are
We are honest about our stage. AIOS is built to the controls that frameworks such as SOC 2 expect, including encryption, access control, audit logging and vendor diligence, but we are not yet formally certified, and we will say so rather than imply otherwise. We will update this page as our program matures. If your security review needs specifics, email [email protected].
Questions, or a privacy or data request? Email [email protected].
This page is a plain-language summary, not legal advice. Have counsel review before relying on it.