← Aiboxz

Security Overview

Trust & compliance snapshot · Nova Pro

Data isolation

Production traffic uses TLS. Redis memory partitions and persona definitions are namespaced per customer identifier. Ephemeral LiveKit rooms are used for transport only; durable recall is bound to authenticated identity when tokens are minted through our Next.js issuer.

Private RAG readiness

Voice agents retrieve context from customer-scoped memory lists and optional static knowledge directories configured by the deployment operator. This architecture supports future dedicated vector stores per tenant without changing the client contract.

No training on user data

We do not sell conversation data. Model providers are configured for inference-only use cases; customer payloads are not repurposed as training corpora by Aiboxz.

Operational security

  • Secrets (LiveKit, OpenAI, Redis, Stripe, Resend) are server-side only.
  • Cron endpoints require a shared bearer secret (CRON_SECRET).
  • Memory export requires the same authentication path as voice token issuance.