Security Architecture
Aethyr is built with security at its core. Learn about our defense-in-depth approach to protecting your data and AI workloads.
Security Philosophy
Data sovereignty first. Your data stays under your control. Aethyr is designed for air-gapped deployments where no data ever leaves your infrastructure.
Zero Trust
Verify every request, assume breach mentality
Transparency
Full audit logs, no black boxes
Defense in Depth
Multiple security layers, no single point of failure
Encryption
All data is encrypted at rest and in transit using industry-standard algorithms.
Data at Rest
- AES-256 encryption for all stored data
- Encrypted database fields for sensitive information
- Secure key management with rotation support
Data in Transit
- TLS 1.3 for all network communication
- Certificate pinning for internal services
- End-to-end encryption for WebSocket streams
Authentication & Authorization
Authentication Methods
- Email/password with secure hashing
- OAuth 2.0 / OpenID Connect
- API key authentication
- Enterprise SSO (Coming Soon)
Authorization
- Role-based access control (RBAC)
- Organization-level isolation
- Resource-level permissions
- Audit logging for all actions
Air-Gap Deployment
For maximum security, Aethyr can operate in fully air-gapped environments with no external network connectivity required.
Air-Gap Features
- Local model inference (no cloud calls)
- Embedded vector database
- Offline model fine-tuning
- No telemetry or phoning home
- Offline documentation
- Manual update packages
Compliance Roadmap
We are actively working toward industry certifications with a target completion of Q2 2026.
SOC 2 Type II
Security, availability, processing integrity, confidentiality, and privacy controls.
HIPAA
Healthcare data protection for PHI handling in medical applications.
FedRAMP
Federal government cloud security certification pathway.