Your Data. Your Cloud. Your Control.
Enterprise-grade security architecture designed for industries where compliance isn't optional.
Three Security Pillars
Every deployment is built on these non-negotiable foundations.
VPC Deployment
We deploy via automated scripts directly into your existing AWS, Azure, or GCP infrastructure. The entire system runs within your Virtual Private Cloud. We never see your data.
- ✓ Your AWS/Azure/GCP account
- ✓ Your network policies apply
- ✓ Your IAM controls access
Air-Gapped Options
For "Nightmare" tier clients with the highest security requirements, we support fully local, on-premises inference using quantized open-source models.
- ✓ No internet connection required
- ✓ Open-source models on local GPU
- ✓ Complete data isolation
Zero-Training Guarantee
We contractually guarantee that no data processed through our pipelines is ever used to train public models. Your proprietary information stays proprietary.
- ✓ Written into every contract
- ✓ Audit logs available
- ✓ Self-hosted model options
How It Actually Works
A simplified view of a typical NoteHook deployment architecture.
┌─────────────────────────────────────────────────────────────────────────┐
│                           YOUR INFRASTRUCTURE                           │
│   ┌─────────────────────────────────────────────────────────────────┐   │
│   │                         YOUR VPC / VPN                          │   │
│   │                                                                 │   │
│   │   ┌──────────────┐     ┌──────────────┐     ┌──────────────┐    │   │
│   │   │ Data Sources │     │   NoteHook   │     │  LLM Engine  │    │   │
│   │   │ ┌──────────┐ │     │   Pipeline   │     │ ┌──────────┐ │    │   │
│   │   │ │OneDrive  │ │────▶│ ┌──────────┐ │────▶│ │Enterprise│ │    │   │
│   │   │ │G-Suite   │ │     │ │Chunking  │ │     │ │  Model   │ │    │   │
│   │   │ │SQL DB    │ │     │ │Embed     │ │     │ │  (API)   │ │    │   │
│   │   │ │SharePt   │ │     │ │Index     │ │     │ │          │ │    │   │
│   │   │ └──────────┘ │     │ └──────────┘ │     │ └──────────┘ │    │   │
│   │   └──────────────┘     └──────────────┘     └──────────────┘    │   │
│   │           │                    │                    │           │   │
│   │           └────────────────────┼────────────────────┘           │   │
│   │                                │                                │   │
│   │                    ┌───────────▼───────────┐                    │   │
│   │                    │    Vector Database    │                    │   │
│   │                    │    (Private Store)    │                    │   │
│   │                    └───────────────────────┘                    │   │
│   │                                │                                │   │
│   │                    ┌───────────▼───────────┐                    │   │
│   │                    │  Internal Dashboard   │                    │   │
│   │                    │       (Web App)       │                    │   │
│   │                    └───────────────────────┘                    │   │
│   └─────────────────────────────────────────────────────────────────┘   │
│                                                                         │
│  ╔═══════════════════════════════════════════════════════════════════╗  │
│  ║  ⚡ ALL DATA STAYS WITHIN THIS BOUNDARY. WE NEVER SEE YOUR DATA.   ║  │
│  ╚═══════════════════════════════════════════════════════════════════╝  │
└─────────────────────────────────────────────────────────────────────────┘
Compliance Ready
Our architecture supports the strictest compliance requirements.
- HIPAA: Healthcare data protection
- SOC 2: Security controls
- GDPR: EU data protection
- Custom NDAs: Tailored agreements
Note: NoteHook Labs provides the infrastructure for compliance. The client maintains their own compliance certifications.
Security FAQ
Do you ever access our data?
No. We deploy infrastructure via automated scripts. The data pipeline runs entirely within your cloud account. We can optionally provide read-only access to logs for debugging, but never to actual document content.
What happens if we use an Enterprise LLM?
If you choose a cloud-based Enterprise LLM (e.g. via Azure), data is sent to the API but is covered by their enterprise data protection policies (no training on your data). For maximum privacy, we recommend self-hosted open-source models.
Can we audit the deployment?
Absolutely. All infrastructure scripts are provided. All container images are built from open-source components. Your security team can review everything before deployment.
What kind of logging do you provide?
Query logs, response latency, error rates, and embedding update triggers. All logs stay in your infrastructure. We can optionally receive anonymized performance metrics for optimization purposes.