Security

Last updated: February 20, 2026

Our Commitment

Security is foundational to Thallus. We design every layer of our platform with security in mind, from infrastructure to application logic. This page outlines our security practices and commitments.

Infrastructure Security

  • Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Cloud hosting: Deployed on enterprise-grade cloud infrastructure with SOC 2 certified providers.
  • Network isolation: Services run in private networks with strict firewall rules and no direct public access to databases.
  • Regular patching: Infrastructure and dependencies are regularly updated to address known vulnerabilities.

Application Security

  • Authentication: JWT-based authentication with configurable session expiry. Support for SSO via SAML 2.0 and OIDC.
  • Authorization: Role-based access control (RBAC) at platform, organization, group, and user levels.
  • API security: API key authentication with SHA-256 hashing at rest. Rate limiting on all endpoints.
  • Input validation: Strict input validation and sanitization across all API endpoints.
  • Audit logging: Comprehensive audit trails for all user actions and AI agent operations.

Data Protection

  • Customer Data isolation: Multi-tenant architecture with strict data isolation between organizations.
  • Credential storage: Integration credentials (OAuth tokens, API keys) are encrypted at rest using per-organization keys.
  • Data residency: Self-hosted deployment option for organizations with data residency requirements.
  • Data minimization: We collect and retain only the data necessary to provide the Service.

AI Agent Security

  • Scoped access: Each AI agent operates within defined boundaries, accessing only the data sources explicitly authorized.
  • Full audit trail: Every agent action, tool call, and data access is logged with complete context.
  • Human-in-the-loop: Approval gates in workflows ensure human oversight for sensitive operations.
  • No training on Customer Data: Customer Data is never used to train AI models.

Operational Security

  • Access controls: Employee access to production systems is restricted, logged, and reviewed regularly.
  • Security monitoring: Continuous monitoring for anomalies and potential security incidents.
  • Incident response: Documented incident response procedures with defined escalation paths.
  • Vulnerability management: Regular vulnerability scanning and penetration testing.

Deployment Options

  • Thallus Cloud: Fully managed with our security controls applied.
  • Self-hosted: Deploy within your own infrastructure for maximum control. Docker and Kubernetes options available, including air-gapped deployments.
  • Hybrid: Cloud management plane with on-premise data connections.

Reporting Vulnerabilities

If you discover a security vulnerability, please report it responsibly to security@thallus.ai. We appreciate responsible disclosure and will acknowledge reports within 48 hours.

Contact

For security inquiries, contact security@thallus.ai.