Security & Privacy
How Oxagen protects your data — workspace isolation, encryption, privacy controls, and content handling.
Workspace Isolation
Every piece of data in Oxagen belongs to exactly one workspace. PostgreSQL Row-Level Security (RLS) enforces this at the database layer — even if application code has a bug, the database will never return another workspace's data. Isolation is not opt-in; it is structural.
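A minimal PostgreSQL sketch of the workspace isolation described above, added here as an illustration and not taken from Oxagen's schema. The table `nodes`, the role `app_user` and the session setting `app.workspace_id` are assumed names.

```sql
-- Hypothetical names throughout: nodes, app_user and app.workspace_id are assumptions.
CREATE TABLE nodes (
    id           uuid PRIMARY KEY DEFAULT gen_random_uuid(),
    workspace_id uuid NOT NULL,
    name         text NOT NULL
);

-- ENABLE turns policy enforcement on; FORCE also applies it to the table owner.
ALTER TABLE nodes ENABLE ROW LEVEL SECURITY;
ALTER TABLE nodes FORCE ROW LEVEL SECURITY;

-- USING filters rows that can be read, updated or deleted; WITH CHECK rejects
-- writes that would place a row in another workspace. NULLIF maps an unset or
-- empty setting to NULL, so the predicate is never true and no rows match.
CREATE POLICY workspace_isolation ON nodes
    USING (workspace_id = NULLIF(current_setting('app.workspace_id', true), '')::uuid)
    WITH CHECK (workspace_id = NULLIF(current_setting('app.workspace_id', true), '')::uuid);

-- Superusers and BYPASSRLS roles skip every policy, so the application role has neither.
CREATE ROLE app_user NOLOGIN NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON nodes TO app_user;

-- Constructed sample data: one row in each of two workspaces.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.workspace_id', '11111111-1111-1111-1111-111111111111', true);
INSERT INTO nodes (workspace_id, name)
VALUES ('11111111-1111-1111-1111-111111111111', 'alpha');
SELECT set_config('app.workspace_id', '22222222-2222-2222-2222-222222222222', true);
INSERT INTO nodes (workspace_id, name)
VALUES ('22222222-2222-2222-2222-222222222222', 'beta');
COMMIT;

-- Check 1: a request scoped to the first workspace, with no WHERE clause in the query.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.workspace_id', '11111111-1111-1111-1111-111111111111', true);
SELECT name FROM nodes;      -- the policy supplies the workspace filter
COMMIT;

-- Check 2: no workspace set, so the policy predicate is NULL for every row.
BEGIN;
SET LOCAL ROLE app_user;
SELECT count(*) FROM nodes;
COMMIT;
```

In this sketch the database trusts whatever value the connection places in `app.workspace_id`, so the application must derive it from the authenticated session and never from request input. Running both checks as the application role after every schema migration confirms that new tables did not ship without a policy.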
Encryption
| What | How it's protected |
|---|---|
| OAuth tokens | AES-256-GCM encryption at rest |
| Data in transit | HTTPS / TLS 1.3 everywhere |
| Passwords | bcrypt (never stored in plaintext) |
| JWTs | RS256-signed; private key in Google Secret Manager |
| Database | Google Cloud AlloyDB (encrypted at rest by default) |
What We Store About You
Oxagen is built on a store-as-little-as-possible principle:
- Knowledge graph data: nodes and edges derived from your content — names, types, relationships, and properties you provide.
- Embeddings: 512-dimensional vectors used for semantic search. These are mathematical representations, not your raw text.
- Audit records: lightweight records of AI operations (intent, status, credit cost). Never the raw prompt text.
- OAuth tokens: encrypted credentials for connected data sources. Used to sync data on your behalf.
We do not store raw email bodies, raw document text, or raw message content. Ingestion processes data and stores structured representations (nodes, edges, properties).
Prompt privacy
The prompt audit trail stores:
- A SHA-256 hash of your prompt (for dedup detection, not for reconstruction)
- A short ≤500-character summary of the outcome (node/edge counts, answer excerpt)
- Operational metadata (latency, credits used, status)
Your prompt text is never stored in the audit trail.
Content Safety
Oxagen screens ingested content automatically:
| Flag | What it detects | Action |
|---|---|---|
| v | Violence | Rejected — audit record created, no embedding |
| x | Sexually explicit | Rejected — audit record created, no embedding |
| n | Nudity | Allowed with content warning |
| s | Secrets (keys, passwords) | Allowed, masked in display |
| p | PII (SSN, email, phone) | Allowed with privacy handling |
Rejected items create an audit record (filename, type, reason) but no enrichment, embedding, or knowledge graph entry is created.
Privacy Controls
Confidential flag
Mark any node as confidential (confidential: true in properties). Confidential nodes are:
- Excluded from shared artifact visualizations
- Excluded from public-facing exports
- Still searchable and queryable within your own workspace
Do not index
Nodes tagged no_index: true are excluded from semantic search. They remain in the graph and are accessible via direct ID lookup, but won't surface in search results.
Shared artifacts
When you share a knowledge graph visualization or artifact, Oxagen automatically excludes nodes with secrets (s), PII (p), or confidential (c) flags from the shared view.
Access Control
Workspace data is accessible only to members of the owning tenant. Role-based access within a tenant:
| Role | Can read graph | Can write graph | Can manage billing | Can invite members |
|---|---|---|---|---|
| Owner | Yes | Yes | Yes | Yes |
| Member | Yes | Yes | No | No |
There are no per-workspace roles yet — all members of a tenant can access all workspaces within that tenant.
Responsible Disclosure
Found a security issue? Email security@oxagen.ai. We respond within 24 hours. Please do not open public GitHub issues for security vulnerabilities.