Security - Erdo

Your Data is Encrypted

Data Encryption

Our system encrypts your data at rest, in transit, and across every tenant boundary.

End-to-end transport encryption: All communication between Erdo services stays encrypted in transit.
AES-256-GCM at rest: Stored data is encrypted with AES-256-GCM before persisting to disk.
Multi-layer keys: Organization, user, and dataset keys combine to prevent single-key compromise.
Customer-managed keys: We use Google Cloud KMS keys to control infrastructure-level encryption.

Secure Code Execution Sandbox

Every execution runs inside isolated, resource-constrained containers with strict guardrails.

Application kernel: Workloads run inside containers that isolate the host kernel.
No root access: Executions run as non-privileged users with Linux capabilities removed.
Network restrictions: Containers only reach the public internet while private ranges remain blocked.
Filesystem controls: Writable directories are confined and code/input paths are read-only.
Resource limits: CPU, memory, runtime, and output size are strictly capped.
File validation: Path traversal and sensitive directories (.ssh, .kube, etc.) are denied.

Network Security

Private networking keeps workloads segregated while TLS-first communication protects every connection.

Private infrastructure: Compute runs inside private VPCs with no public node IPs.
Isolated environments: Execution and data platforms operate in separate VPCs without interconnects.
Firewall rules: Only required ports stay open and each is restricted by source.
TLS everywhere: TLS is enforced for both external endpoints and service-to-service calls.
WAF protection: Managed WAF rules block OWASP top 10 threats, bots, and DDoS traffic.

Authentication & Access Control

Fine-grained identity and authorization controls make sure only the right people and systems gain access to your data and workloads.

Hashed API tokens: API tokens are stored as hashes so plaintext keys never persist.
Timing-safe auth: Constant-time comparisons prevent timing attacks on credentials.
Role-based access control: Permissions span organization, user, thread, dataset, and integration layers.
Row-level security: Users only query datasets and resources they are authorized to access.
OAuth with CSRF protection: State parameters and CSRF tokens are validated for every OAuth flow.
Encrypted integration credentials: Connected account tokens are encrypted with each dataset's unique key.
Automatic token rotation: Token refreshes occur automatically with secure rotation policies.

Infrastructure Security

Secure-by-default infrastructure and operational rigor keep our platform secure.

Shielded VMs: GKE nodes use secure boot and integrity monitoring.
Workload Identity: Services authenticate to Google Cloud without storing key files.
Least-privilege IAM: Service accounts only hold the minimal permissions required.
Automatic security updates: Infrastructure subscribes to managed release channels for patches.
Image vulnerability scanning: Container images are scanned before deployment for known CVEs.

Code Integrity & Security

Integrity-focused delivery practices protect the code that powers Erdo.

Signed container images: Images are signed with cosign to verify integrity before release.
Infrastructure as code: Security configuration lives in version-controlled IaC for audits.
Secret management: Google Secret Manager stores replicated infrastructure secrets.

Logging & Audits

Comprehensive telemetry, tracing, and rate limits deliver audit-ready visibility.

Real-time error tracking: Incidents trigger alerts instantly for rapid response.
Structured API logging: Every API call is logged with rich metadata for traceability.
Sandbox execution audit: Each sandbox run logs requests, outputs, and errors.
Data query logging: Query activity is captured with user context across the data platform.
Request tracing: Structured logs propagate request IDs for end-to-end tracing.
API token usage tracking: Last-used timestamps power security reviews for each token.
Edge and app rate limiting: Rate controls at multiple layers defend against brute-force and abuse.

Data Retention Policies

Data retention and lifecycle policies ensure records are removed the moment customers leave our platform.

Immediate dataset deletion: Dataset data is purged as soon as a user account is deleted.
Cascading data removal: Related records, embeddings, and metadata are automatically deleted across all systems.
Backup and log cleanup: Backups and audit logs containing customer data are removed according to retention policies.

Strict least-privilege processes keep our team separated from customer data.

Minimal employee access: Employees only access systems required for their role.
Per-employee database credentials: Individual credentials ensure complete audit trails.
2FA enforced everywhere: Multi-factor authentication protects internal and third-party systems.