OwnLLM
Secure by default · Data stays on your side

Security & compliance

Our security posture in detail: architecture, encryption, European hosting, audit, and compliance roadmap.

1. Architecture

Inference runs entirely on the GPU machine paired by the customer. Prompts and responses never leave the customer boundary unless an administrator explicitly enables history on the OwnLLM side (opt-in, encrypted at rest).

No inbound port is opened on the customer side. Communication between the site and the agent uses an outbound Cloudflare Tunnel initiated by the app and terminated with TLS on Cloudflare infrastructure.

2. Authentication

  • Better Auth : native multi-tenant support, signed JWT sessions, refresh token rotation.
  • Magic link : 15-minute expiration and aggressive rate limiting on sending endpoints.
  • 2FA TOTP : optional on all plans, required on Enterprise.
  • SSO SAML / OIDC : available on Pro, compatible with Okta, Entra ID, and Google Workspace.
  • SCIM 2.0 : available on Enterprise, with automatic provisioning and deprovisioning.

3. Encryption

  • In transit : TLS 1.3 required, terminated by Cloudflare.
  • At rest : disk encryption on Neon, secrets hashed with SHA-256, API keys never stored in clear text.
  • Tunnel credentials : stored in the agent OS keychain (macOS Keychain, Windows DPAPI, Linux libsecret). Never logged.
  • Shared secret : rotated every 30 days through heartbeat.

4. EU hosting

All OwnLLM metadata is hosted in the European Union:

  • Vercel — EU regions enabled by default.
  • Neon — Frankfurt region, Germany.
  • Resend — EU region.
  • PostHog Cloud — EU region.

Inference stays on the customer machine. Prompt content does not pass through our systems.

5. Audit & logs

  • Audit logs : who, when, which model, how many tokens. No content by default.
  • Retention : 90 days on Pro, 12 months on Enterprise with CSV and API export.
  • Agent logs : 7 rolling days on the customer machine, never uploaded.

6. Compliance roadmap

| Pillar | Status | Detail |
|---|---|---|
| GDPR | Compliant | DPA included, EU hosting, exercisable data subject rights. |
| AI Act | Infrastructure provider | ToS disclaimer, re-audit planned after secondary texts. |
| SOC 2 | Type I in progress | Type II finalized within 12 months. |
| ISO 27001 | Gap analysis | Audit preparation in progress. |

7. Subprocessors

Public list of our subprocessors. All have signed a standard DPA.

| Subprocessor | Purpose | Region |
|---|---|---|
| Vercel | Website hosting (EU regions enabled) | EU |
| Neon | Postgres database | Frankfurt |
| Cloudflare | Network tunnel, DNS, WAF | Global / DPA |
| Resend | Transactional emails | EU |
| Stripe | Payments and subscriptions | Ireland |
| PostHog Cloud | Product analytics | EU |
| Sentry | Error monitoring | EU |

8. DPA

Our Data Processing Agreement is available for download. The Enterprise version can be customized.
