Security
Deploy where your data must live.
Ix Infrastructure is designed for environments with strict security requirements. Run it on-prem,
in your VPC, or in managed cloud deployments. Control access, isolate tenants, and keep sensitive
content inside your boundary.
Deployment models
- On-prem / air-gapped: no external dependencies required at runtime.
- VPC / private cloud: isolated services, private networking, customer-managed keys.
- Managed cloud: standard hardening, least-privilege IAM, and observability.
Data boundaries
- Content stays in your storage: documents, embeddings, and graph data remain inside your deployment.
- LLM is optional: integrate local/private models or external APIs based on your policy.
- Separation by design: isolate tenants, workspaces, and connectors per environment.
Access control
- AuthN/AuthZ: SSO/OIDC/SAML (where applicable), plus service-to-service identity.
- Fine-grained authorization: workspace/project ACLs and policy enforcement at query time.
- Least privilege: scoped tokens for connectors, ingestion, and query runtime.
Encryption
- In transit: TLS everywhere (internal and external).
- At rest: encrypted storage for graph data and indices (KMS/HSM where available).
- Key control: support customer-managed keys in private deployments.
Auditability
Ix is built to be inspectable. You should be able to answer: who queried what, when, and
under which policy.
- Audit logs: query events, ingestion events, policy decisions.
- Provenance: evidence links from graph nodes/edges back to sources (where enabled).
- Reproducibility: deterministic ingestion options for stable structure.
Telemetry (optional)
If enabled, telemetry is event-based and content-free. We never need your document text,
node attributes, embeddings, or private payloads to diagnose stability and performance.
- Includes: health checks, error codes, latency, feature usage counts.
- Excludes: document contents, graph semantic payloads, embeddings.
- Controls: opt-in, configurable sinks, redaction, and sampling.
Security posture
Threat model first
We design around real enterprise threat surfaces: connectors, credentials, multi-tenant access,
and query-time leakage.
Secure defaults
Locked-down network paths, least-privilege service roles, and explicit configuration for any
outbound connections.
Practical hardening
Rate limiting, input validation, secrets management integration, and safe logging practices.
Want to review your deployment constraints?
We’ll map Ix to your environment (on-prem, VPC, cloud), connector policies, and AI model strategy.