Trust, Security & Compliance

How myai protects your data, isolates execution, and manages enterprise permissions.

myai is built for enterprise pilots where customer data, system access, and operational decisions need clear controls. This page summarizes the security model we use today and points to the formal compliance work that is still in progress.

For the canonical public status of our certification path and control roadmap, see the Trust Center.


Architectural Security Principles

  • 1. Isolated Execution — Custom scripts (functions) and AI-driven data processing run in isolated runtime environments with constrained access to the surrounding system.

  • 2. Dimensional Isolation — The core concept of a Dimension scopes which Artifacts, Skills, and data are available to an AI session unless additional access is explicitly granted.

  • 3. The Principle of Least Privilege — myai enforces granular access control. You dictate exactly which Workflows or individuals can access specific integration_credentials (like API keys) and internal Artifacts.

  • 4. Audit Trails — Work Orders record the initiator, instructions, and tool activity needed to review what happened during an AI-assisted workflow.


Frequently Asked Questions

How is data segregated between tenants?

myai uses logical tenant segregation at the application and data layers. Dedicated infrastructure deployments are available for enterprise customers that require stronger physical isolation.

Does myai train its base models on my company data?

No. We do not use your proprietary business data, Canvas content, Artifact information, or chat histories to train our foundational models. Your data remains yours.

How does myai handle PII and GDPR compliance?

myai helps customers identify and manage Personally Identifiable Information (PII) within Artifacts and supports customer requests for export or deletion under the applicable agreement. Formal privacy and compliance obligations should be reviewed through our DPA and security questionnaire process.

What are your data retention policies?

Data retention is governed by the customer agreement and deployment configuration. Enterprise customers can request export or deletion workflows through their account team.

How are integration credentials secured?

We store integration_credentials (like OAuth tokens or API keys) in encrypted secret storage. Custom functions and tools retrieve credentials at runtime without exposing raw secret values to the end user.

Where is myai deployed?

myai production infrastructure runs on Google Cloud Platform (GCP) in the United States. For the current certification status and control roadmap, see the Trust Center.


Learn More

  • Reliability & Limitations — When to trust myai outputs and where human review is required.
  • Quality Roles Guide — How quality teams use Work Orders and audit trails for compliance.
  • Integrations — How credentials, webhooks, and API connections work.
  • Terminology — Definitions for Work Orders, Dimensions, and other security-relevant concepts.