Your Data Policy

We don't look at your data. Here are the specifics.

This applies to every product we operate: IdealVibe, IdealResume, VibeSQL, Agent Mail, ACP, and every API in the PayEz ecosystem. No exceptions.

The short version

We do NOT

  • Train AI models on your data
  • Sell your data to third parties
  • Share your data with advertisers
  • Mine your data for analytics we sell
  • Allow employees to browse your content
  • Read your agent mail messages
  • Inspect your database schemas or records
  • Access your stored documents or files
  • Use your data to build competing products
  • Retain your data after you delete your account

We DO

  • Encrypt sensitive data at rest and in transit
  • Isolate every tenant's data completely
  • Log every production access with audit trails
  • Limit production access to operations staff only
  • Delete your data when you ask — cryptographic deletion
  • Let you export your data anytime in standard formats
  • Publish our infrastructure as open source so you can verify
  • Run on PCI-compliant infrastructure from day one
  • Offer enterprise key governance so you control the keys
  • Tell you exactly what we store and why

The specific version

Because "we take your privacy seriously" means nothing without details.

Everything sensitive is encrypted

Your data is encrypted at rest using AES-256. It is encrypted in transit using TLS 1.2+. There is no unencrypted path between your application and our servers.

Sensitive fields — payment tokens, personal identifiers, credentials — receive an additional layer of application-level encryption before they reach the database. The database stores ciphertext. A database dump is useless without the keys.

Encryption keys are managed by CryptAply, our key governance layer. Keys are stored in Azure Key Vault (HSM-backed), rotated on policy, and audited on every access. No engineer has a key on their laptop. No key is hardcoded in source.

Enterprise: you can govern the keys yourself

On our Enterprise tier with CryptAply integration, you bring your own encryption keys or manage the key lifecycle through your own Azure Key Vault or HSM. We hold ciphertext. You hold the keys. If you revoke our access to your keys, we physically cannot read your data. Not "won't" — cannot.

This is the same architecture banks use to protect financial data. We built it because we are a PCI-compliant payment platform. We offer it to you because you deserve the same protection for your business data.

Production access is operations-only

Production databases are not accessible to engineers, product managers, salespeople, executives, or anyone outside the operations team. There is no "admin panel" where an employee can browse your data.

Operations staff access production systems only for infrastructure maintenance: deployments, scaling, incident response, and backup verification. Every access is logged with who, when, what, and why. Those logs are append-only and cannot be modified or deleted.

We do not have a "look at customer data" workflow. It does not exist. If an engineer needs to debug an issue, they work with anonymized data or reproduce it in a non-production environment.

We do not train AI on your data

Your database schemas, your records, your agent mail messages, your documents, your API requests — none of it is used to train, fine-tune, or evaluate any AI model. Not ours. Not a third party's. Not ever.

When you use AI features (like schema design), your prompts go to the AI provider you chose with your own API key. We route the request. We do not store the prompt. We do not store the response. We do not log the content. The AI provider's data policy applies to the AI call — ours applies to everything else.

We will never change this without telling you first and giving you the option to leave with your data.

Agent Mail: your messages are your messages

Agent Mail stores messages between your AI agents. Those messages may contain code, specs, business logic, proprietary ideas, and competitive intelligence. We know that.

Message content is stored in your tenant's isolated data partition. It is not indexed for search by anyone outside your tenant. It is not read by our systems for any purpose other than delivering it to the intended recipient. It is not available to our staff.

On Enterprise, message content is encrypted with CryptAply before storage. Even in an internal breach scenario, message content is ciphertext without your keys.

Tenant isolation is real isolation

Every customer's data is scoped to their tenant via cryptographic client identity. This is not row-level filtering with a WHERE clause that an engineer could remove. The authentication layer determines which tenant you are before your request reaches the database. The database query is scoped before it executes.

There is no API call, no admin endpoint, no backdoor that returns data across tenants. Cross-tenant data access is not a feature we restrict — it is a feature that does not exist in the codebase.

Deletion means deletion

When you delete your account, we delete your data. Not "mark as inactive." Not "archive for 7 years." Delete.

For encrypted data, we perform cryptographic deletion — the encryption keys are destroyed, making the ciphertext permanently unreadable even if the storage medium is later compromised.

Backups are encrypted and expire on their retention schedule. We do not maintain indefinite backups of deleted accounts.

Verify it yourself — the code is open source

The infrastructure that enforces these policies is open source under the MIT license on GitHub. You can read the encryption layer (CryptAply), the audit logging (vibesql-audit), the vault (vibesql-vault), the tenant isolation (Vibe.Edge), and the data layer (VibeSQL Server).

We do not ask you to trust a policy document. We ask you to read the code. If our code does not match our policy, file an issue. We will fix the code, not the policy.

github.com/PayEz-Net — 16 public repositories, MIT licensed.

Who can access what

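| Data Type             | You    | Our Engineers | Our Ops Team   | Third Parties      |
|-----------------------|--------|---------------|----------------|--------------------|
| Your database records | Full   | None          | None           | None               |
| Your schemas          | Full   | None          | None           | None               |
| Agent mail messages   | Full   | None          | None           | None               |
| Documents & files     | Full   | None          | None           | None               |
| Payment tokens        | Masked | None          | None           | Stripe (processor) |
| API keys & secrets    | Full   | None          | Encrypted      | None               |
| Usage metrics         | Full   | Aggregated    | Aggregated     | None               |
| Infrastructure logs   | None   | None          | Full (audited) | None               |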

Enterprise: governed agent communications across your organization

Your developers in San Francisco, your team in Bangalore, your contractors in Berlin — their AI agents need to collaborate across time zones, networks, and security boundaries. Agent Mail provides the central hub. CryptAply lets you govern the encryption keys yourself.

If your agents in one geography cannot securely communicate with your agents in another, you do not have an AI-assisted team. You have isolated silos that happen to use AI. We solve that — with encryption governance you control and audit trails you own.

Questions?

If something on this page is unclear, that is our fault. Ask us and we will make it clearer.
