Enterprise-Grade Security

Security at Autowired

Your documents contain sensitive information. We've built Autowired from the ground up with security as a core principle, not an afterthought.

Encryption at Rest

All documents and extracted data are encrypted using AES-256 encryption in Amazon S3 with server-side encryption enabled.

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.

Secure Authentication

User authentication is handled by Clerk, providing enterprise-grade security with MFA support and secure session management.

Isolated Infrastructure

Each tenant's data is logically isolated using separate partition keys and S3 prefixes, ensuring complete data separation.

Access Controls

Role-based access controls (RBAC) allow team administrators to manage permissions and restrict access to sensitive data.

Team Security

Teams can manage member access, invite collaborators, and revoke access instantly when needed.

Infrastructure Security

Cloud Infrastructure

  • Hosted on Amazon Web Services (AWS) with multi-region redundancy
  • AWS Lambda for serverless, isolated document processing
  • Amazon DynamoDB for highly available database operations
  • Amazon S3 for durable document storage with 99.999999999% durability

Network Security

  • AWS WAF (Web Application Firewall) protection
  • DDoS mitigation through AWS Shield
  • Private VPC networking for internal services
  • Regular security assessments and penetration testing

Data Processing

  • Documents processed in isolated Lambda environments
  • No persistent storage of documents in processing layer
  • Temporary files automatically deleted within 24 hours
  • AI processing via AWS Bedrock with data processing agreements

Data Handling Practices

Document Processing

When you upload a document, here's how we handle it securely:

  1. 1Document is uploaded directly to your isolated S3 bucket via secure presigned URLs
  2. 2Processing occurs in isolated serverless functions with no shared state
  3. 3AI extraction is performed via AWS services with data processing agreements
  4. 4Results are stored encrypted in your tenant partition with strict access controls

Data Retention and Deletion

  • You control your data retention - delete documents and extracted data at any time
  • Temporary processing files are automatically purged within 24 hours
  • Account deletion triggers complete removal of all associated data
  • We maintain audit logs for security monitoring (retained per compliance requirements)

Third-Party Security

We carefully select and monitor our third-party service providers to ensure they meet our security standards.

AWS (Infrastructure)

SOC 1/2/3, ISO 27001, PCI DSS Level 1, HIPAA eligible

View AWS Compliance

Clerk (Authentication)

SOC 2 Type II certified, GDPR compliant

View Clerk Security

Stripe (Payments)

PCI DSS Level 1, SOC 1/2, ISO 27001

View Stripe Security

Google (Gmail Integration)

OAuth 2.0, limited scope access, user-controlled permissions

View Google Security

Security Vulnerability Reporting

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.

Please email security vulnerabilities to security@autowired.ai with details about:

  • The type and potential impact of the vulnerability
  • Steps to reproduce the issue
  • Any relevant screenshots or proof of concept

We aim to acknowledge reports within 48 hours and will keep you informed of our progress.

Questions about Security?

Our security team is happy to answer any questions about our practices.

Contact Security Team