Trinity markOpsBrain

Trust

Security & trust

OpsBrain is built for teams that trade on contractual truth. This page summarises how we think about protecting that data — without marketing fluff. For legal terms, see our Privacy Policy and DPA.

Reference architecture

Browser (HTTPS)          Next.js (marketing + app)
       │                          │
       └──────────┬─────────────────┘
                  │  JWT / cookies
                  ▼
            FastAPI (OpsBrain API)
                  │
      ┌───────────┼───────────────┐
      ▼           ▼               ▼
  PostgreSQL    Redis         Object storage
  (tenants)   (sessions/     (encrypted docs)
               denylist)

Browser → your Next.js deployment → authenticated FastAPI → PostgreSQL / Redis / object storage. Exact hosting choices depend on your contract and region.

Tenant isolation

Every workspace is scoped to a company tenant. API access is enforced server-side after JWT validation, database lookups, and role checks — not by trusting the client.

Uploaded documents and extracted commitment data stay within your tenant boundary for routine operations.

Encryption & secrets

Sensitive configuration and per-tenant material use application-level encryption patterns so plaintext secrets are not stored alongside customer payloads without protection.

Transport security assumes HTTPS in production; session cookies use httpOnly and Secure flags when configured for your deployment.

BYOK (Premium+) lets you supply your own AI provider keys so inference billing and policy stay in your control.

AI & human review

Extraction proposes structured commitments from documents; your team confirms, edits, or rejects before obligations become operational truth.

Treat the model as an accelerator, not an autonomous agent: no outbound email or payment should run without the approval flows you configure.

When models are wrong, the correction happens in-product — which also improves review quality for your organisation over time.

Data retention & deletion

Operational documents and derived commitment data are retained while your subscription is active. After cancellation, standard deletion windows apply — see the Privacy Policy for numeric timelines and audit-log exceptions.

Enterprise customers may negotiate custom retention or export requirements via contract.

Subprocessors

Infrastructure providers (hosting, DNS, email) may process metadata required to run the service. A current list suitable for vendor review is available on request — start with argen@opsbrain.com and we will provide the latest table.

We do not sell customer data or use your documents to train public models.

Auditability

Operational and security-relevant actions are designed to leave an audit trail suitable for internal governance and investigations.

Retention windows for uploaded documents vs. audit metadata may differ; legal pages describe post-termination handling.

What we still need from you

Strong passwords, MFA where available, and careful handling of invite links.

A clear data classification policy so you only upload material your organisation is allowed to process in a SaaS environment.

Security questions: argen@opsbrain.com