aisol/data security
capabilities · 07 · security

Your data stays inside – and never trains anyone else's models

The biggest fear when adopting AI is "our data will end up in a public chatbot." At AISOL that is ruled out by design: the platform runs in an isolated environment, passes nothing to third parties, and records every agent action to a log.

isolated environment 0 data used to train external models log of every action
AISOL · Data perimeteraudit · week 27
Processing – inside the perimeterrequests never leave the isolated environment
Data passed to third partiesexternal calls carrying client data0
Agent permissions: sales · read + write CRMaccess only to permitted systems
Action log for the week4,812 operations · each with author and timestamp
Your data is not used to train modelslocked in by contract
clearing up the terms

Public AI and private AI are two different things

The "our data will leak" fear comes from public chatbots, where whatever you type goes off to someone else's servers. An enterprise platform is built differently.

QuestionPublic chatbotAISOL · private platform
Where the data goesTo the service's servers; jurisdiction is out of your controlProcessed in an isolated environment; for large subscriptions – entirely within your own perimeter
Used for trainingOften yes, by defaultNo. Locked in by contract
Who has accessUnknownOnly the roles you grant rights to; agent access is scoped
Action trailNoneA log of every operation: who, what, when
Contractual basisPublic terms of useNDA, contract with personal-data requirements, SLA
how it works

Six layers of platform protection

Isolated processing environmentEach client's data lives in its own isolated environment. Mixing data between clients is ruled out by design.
Agent permissions and rolesAn agent gets access only to the systems and operations its scenario needs – like an employee with a job description.
A log of every actionEvery agent operation is recorded: source, time, result. A full audit trail for security teams and reviews.
Human checkpointsAt critical points in a process there is employee confirmation: a payment, a submission to the fund, a reply to a client. Configured to your own rules.
No training on your dataClient data is not used to train models – neither our own nor third-party ones. That is a contract term, not a promise.
NDA and personal-data requirementsWe work under an NDA from the first meeting and meet the requirements of the personal-data legislation of the Republic of Kazakhstan.
deployment tiers

Two levels of isolation – to fit the scale of the project

Both levels give you isolated processing, an action log, and a ban on training on your data. The difference is where the platform physically runs.

standard

AISOL isolated environment

The platform runs in a dedicated isolated environment set up for your organization. Data is encrypted in transit and at rest and never leaves the environment.

  • A separate environment per company
  • Encryption of data at rest and in transit
  • Action log and permission scoping
subscription from 12M ₸/year
local perimeter

Fully inside your infrastructure

The platform and models are deployed inside the company perimeter – on your own servers. Data physically never leaves the organization, and there are no external dependencies.

  • Models and processing – inside your perimeter
  • Operation with no access to external networks
  • Integration with your own security and monitoring systems
for subscriptions from 100M ₸/year
frequently asked

What security teams ask

No. The platform does not send your data to public services: processing happens in an isolated environment, and at the local tier – entirely inside your own perimeter. A public chatbot and a private enterprise platform are fundamentally different architectures.
No. Client data is not used to train models – neither our own nor third-party ones. This is fixed in the contract. Tuning the platform to your processes is a matter of configuring scenarios and connections, not training models on your data.
Access is limited to the engineers running your deployment, on a least-privilege basis and under NDA. Every access to the data is logged. At the local deployment tier, access is possible only with your authorization inside your own perimeter.
We meet the requirements of the personal-data legislation of the Republic of Kazakhstan: processing on behalf of the operator, localization, data-subject rights. The legal framing is the contract, an NDA, and a personal-data processing agreement.
Yes. For projects with a subscription from 100M ₸/year, the platform and models are deployed inside your perimeter – on your own servers, with no access to external networks if required. This is the tier for banks, healthcare, and the quasi-public sector with strict security requirements.
next step

We'll go through your security requirements point by point

Send over your security questionnaire or bring your infosec specialists to a meeting: we'll walk through the architecture, the data perimeter, logging, and the contractual basis. Under NDA – from the first meeting.

demo · process review · prototype – free

Request a meeting with our security team

Request sent. We'll get in touch within one business day.

By submitting the form you agree to the processing of personal data. We'll sign an NDA at the first meeting.