Security & Privacy · Reference

How your data is stored, isolated, and handled.

This page documents where your data lives, how we isolate tenants, our policy on AI model training, and the current state of our compliance program. It is intentionally factual and is the page we point security, IT, and compliance teams at.

01 · Deployment tiers

RARS is available in two deployment tiers, plus a roadmap option for customer-controlled infrastructure.

Public cloud: default, open sign-up

Anyone can create a workspace on the public cloud. All data and compute remain within US borders, on shared, multi-tenant infrastructure operated by Poliglot. Workspaces are scoped at the application layer: your data, operating models, and actions are visible only to users you authorize. Data at rest is encrypted with AES-256 and data in transit is TLS 1.2+.

Private cloud: dedicated tenant, on business & enterprise plans

Private cloud is included with our business and enterprise plans, and is the default for firms in regulated industries (accounting, financial services, defense) and for design partner engagements. It provides a dedicated-tenant deployment with its own logical database, its own object storage, and its own per-tenant encryption keys. It is not a different product. It is the same RARS, with isolation enforced at the storage and runtime layer. Upgrade in-product, or talk to us if you want help picking the right fit.

Customer-VPC: on the roadmap

A customer-VPC deployment option (RARS running inside your own cloud account) is the next milestone after private cloud. Talk to us about your requirements and we'll tell you where it sits in the plan.

Regardless of tier: credentials for connected systems are encrypted in your browser before transmission (see Secret management), and inference is routed to the model provider you choose. Whether Poliglot can use your workspace data to train or improve RARS is governed by a workspace setting you control (see AI model & training policy).

02 · Data & isolation

The specifics of isolation depend on your deployment tier. Both tiers use per-workspace authorization and encryption everywhere; they differ in whether the underlying storage is shared or dedicated.

Public cloud

  • Workspaces share underlying datastores. Authorization is enforced at the application layer. Users only see data in workspaces they've been granted access to.
  • Data at rest is AES-256 encrypted with shared-tier keys managed by Poliglot.
  • Data in transit is TLS 1.2+, including internal service-to-service traffic over mTLS.

Private cloud

  • Each customer is provisioned with its own logical database, its own object storage, and its own per-tenant encryption keys.
  • Cross-tenant access is blocked at the storage-policy layer, not only in the application.
  • Customer support access to tenant data is off by default and requires explicit customer authorization with a time-bounded audit record.

03 · AI model & training policy

RARS is a Bring Your Own Model platform. Inference is routed to the model provider you choose (OpenAI, Anthropic, Azure OpenAI, AWS Bedrock, or an on-premise model endpoint). What the model provider does with inference data is governed by your contract with them. Where providers offer the option, we contract for zero data retention and no training on customer data (true of OpenAI enterprise, Anthropic, Azure OpenAI, and AWS Bedrock by default), and we pass those terms through in the DPA.

Training by Poliglot: workspace-controlled

Whether Poliglot can use your workspace data to improve RARS is governed by a setting you control from your workspace settings. With the setting enabled, we reserve the right to use your workspace's inputs, outputs, and engagement state, including to train or fine-tune models. With it disabled, we do not use your data for training, fine-tuning, or model evaluation.

Defaults by deployment tier

  • Public cloud: enabled by default. Workspace owners can toggle it off at any time from workspace settings; the change takes effect immediately for data going forward.
  • Private cloud: disabled by default. The setting stays off unless the workspace owner explicitly opts in.
  • Customer-VPC (roadmap): disabled by default. In a customer-VPC deployment, data does not leave your environment regardless of the setting state.

Disabling the setting stops Poliglot's use of your workspace data for training or evaluation going forward. Data already incorporated into a prior training run cannot be retroactively removed from trained model artifacts; if you need a specific removal commitment, reach out and we'll walk you through what we can honor.

04 · Secret management

Connected-system credentials (your GL, your practice management system, your model provider API keys) are encrypted in your browser before they leave the client, using X25519 ECDH to derive a shared key with the server and XChaCha20-Poly1305 to encrypt the payload. The API receives ciphertext only.

At rest. Secrets are stored under KMS envelope encryption (AES-256-GCM). Plaintext is never persisted to disk.

In use. When an action needs a credential, the runtime decrypts it transiently into an ephemeral execution context, uses it to call the target system, and clears it from memory. Plaintext materializes briefly in server and runtime process memory during these paths. We minimize the window and scope, but plaintext is inherently in memory for any system that calls APIs on your behalf. A host-level attacker on a running runtime process during that window could observe the credential in use. We mitigate through tenant-isolated runtimes on private cloud, least-privilege host policy, and time-bounded execution contexts.

Key ownership by tier

  • Public cloud: shared-tier KMS master key managed by Poliglot.
  • Private cloud: per-tenant KMS master key, provisioned for your dedicated-tenant deployment.
  • Customer-VPC (roadmap): KMS keys managed under your own cloud account; Poliglot does not hold them.

Rotation. Credentials can be rotated from workspace settings at any time. Rotation is a first-class customer operation and does not require contacting support.

05 · Data handling & privacy

What we collect

The data you and your authorized users put into RARS (operating model definitions, engagement state, connected system configuration, inference inputs and outputs), plus product telemetry needed to operate the service (auth events, request metadata, error traces). We do not collect tracking identifiers that allow us to follow users across the web.

Retention

Customer workspace data is retained for the duration of your agreement with us. Operational logs are retained for 90 days by default. You can request a shorter retention window for your tenant.

Export and deletion

Customer data is portable. You can request an export of your workspace at any time. On contract termination, customer data is deleted from primary storage within 30 days, and from backups within 90 days.

Sub-processors

We maintain a list of the sub-processors we use to deliver the service: our US-based cloud infrastructure provider, the model providers you route inference through, and our auth and transactional email providers. The current list, with vendor names, is available on request and will be published here as we formalize the sub-processor notification process.

06 · Compliance program

We publish our compliance status openly. The table below reflects the current state; target dates are honest targets, not marketing.

Priorities are negotiable. If a specific certification unlocks your deployment, talk to us. We're open to re-sequencing the roadmap when a customer need makes the case. Email security@poliglot.io with the standard and timeline you need.

Standard · Status · Target

SOC 2 Type I · Status: Planned · Target: Q4 2026
  Independent attestation that security controls are designed correctly at a point in time.

SOC 2 Type II · Status: Planned · Target: Q2 2027 (following 6 months of operating evidence)
  Attestation that controls are operating effectively over a continuous period. This is the report most enterprise security teams will ask for.

SOC 1 (SSAE 18) · Status: Planned · Target: Q2 2027
  Attestation of controls over financial reporting, relevant where RARS sits in workflows producing client financial work product.

ISO 27001 · Status: On Roadmap · Target: 2027
  International standard for information security management systems.

HIPAA · Status: On Roadmap · Target: Available on request
  Administrative, physical, and technical safeguards for protected health information.

FedRAMP · Status: On Roadmap · Target: 2028 (12–18 month authorization process)
  U.S. federal authorization for cloud services, aligned with our long-horizon commitment to defense and government operations.

07 · Responsible disclosure

Report suspected vulnerabilities to security@poliglot.io. Please include a description of the issue, steps to reproduce, and any environment details relevant to triage.

We acknowledge reports within two business days, prioritize triage against customer impact, and coordinate disclosure with reporters in good faith. We do not pursue legal action against researchers who follow this policy.

Need the full documentation package?

We'll send the security & privacy overview, data processing agreement, and the current compliance evidence for you to share with your IT, compliance, or audit team.