Security and privacy

Security and privacy are the foundation of Semantara. These are the controls we use to protect your keys and your data.

Key encryption (AES-256-GCM)

Your provider keys are stored encrypted with AES-256-GCM. The encryption key is managed outside the database and never logged in plain text.

BYOK: you control your keys

You use your own OpenAI/Anthropic keys. We don't resell usage or get in the way of your provider billing; you can revoke access at any time.

Multi-tenant isolation

Each client lives in its own logical space. One client's keys, usage, and configuration are never visible to another.

Key governance

Create, rotate, and deactivate service keys per client, controlling which providers and models each one can reach.

Data handling and privacy

We don't use your prompts or responses to train models. The database acts as an audit and billing record; we use soft deletes to keep traceability without exposing data.

Spend control and rate limits

Track your spend and savings in real time —cost is computed on every request, per client and per key— and set per-key rate limits to curb unexpected usage.

Infrastructure

The platform runs on managed cloud infrastructure, with secrets kept out of the code (loaded from the environment) and authenticated API access. For enterprise requirements, the Enterprise plan supports custom deployments.

Have specific compliance or security requirements? Contact us and we'll review them with you.