Security Overview

Last updated November 11, 2024

Round Table AI supports engineers, researchers, and leadership teams who need reliable, confidential AI conversations. Security is layered throughout our stack.

Infrastructure

  • AWS Foundation: We run inside VPC-isolated AWS accounts with private subnets for databases and compute workloads.
  • Edge Protection: CloudFront with Origin Access Control fronts every static asset, so the origin is reachable only through the distribution, while AWS WAF blocks common attack patterns and enforces rate limits before requests reach the origin.
  • Infrastructure as Code: The marketing site lives inside AWS Amplify (CloudFront + Lambda@Edge), while the chat app uses Terraform-managed services. Every change passes through Git-based review before deployment.

Application Security

  • Secrets Management: AI provider credentials, Stripe keys, and JWT signing keys live in AWS Secrets Manager. Applications assume IAM roles that grant scoped, auditable access.
  • Least Privilege: Service roles are scoped to the exact S3 buckets, queues, or databases they require.
  • Input Sanitization: Conversation transcripts are normalized before being replayed to providers, which reduces the risk of prompt injection propagating from one agent to the next.
  • Offline-Safe Runs: Every agent completion is queued and persisted before it is dispatched to a provider, preserving a durable audit trail of each request even when the provider call fails.
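The least-privilege bullet above is only useful if it can be checked. The following is an added example, not Round Table AI's own tooling: a small linter that scans an IAM policy document and flags Allow statements that use wildcard actions or a wildcard resource, shown against a constructed over-broad policy and a constructed scoped policy. The bucket, queue, secret names and account ID are placeholders.

```python
"""Least-privilege check for IAM policy documents.

Added example, not Round Table AI's code. The two policy documents below are
constructed for illustration; the bucket, queue, secret and account ID are
placeholders, not real resources.
"""
import json
import re
from typing import Dict, List

# Constructed "before": a role that can do anything in S3 and read every secret.
OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": "secretsmanager:GetSecretValue", "Resource": "*"},
    ],
}

# Constructed "after": the same role scoped to the exact bucket, queue and secret it needs.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::example-transcripts-bucket/*",
        },
        {
            "Effect": "Allow",
            "Action": "sqs:SendMessage",
            "Resource": "arn:aws:sqs:us-east-1:123456789012:example-completions-queue",
        },
        {
            "Effect": "Allow",
            "Action": "secretsmanager:GetSecretValue",
            "Resource": "arn:aws:secretsmanager:us-east-1:123456789012:secret:example/provider-*",
        },
    ],
}

# A six-field ARN whose resource part is just "*", e.g. arn:aws:s3:::* (service-wide).
_SERVICE_WIDE_ARN = re.compile(r"^arn:[^:]*:[^:]*:[^:]*:[^:]*:\*$")


def _as_list(value) -> List[str]:
    """IAM allows a string or a list in Action/Resource; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _wildcard_actions(stmt: Dict) -> List[str]:
    # Any glob in the action name ("*", "s3:*", "s3:Get*") grants more than one API call.
    return [a for a in _as_list(stmt.get("Action")) if "*" in a]


def _wildcard_resources(stmt: Dict) -> List[str]:
    # "*" or a service-wide ARN; a wildcard inside a single bucket/secret path is allowed.
    return [r for r in _as_list(stmt.get("Resource")) if r == "*" or _SERVICE_WIDE_ARN.match(r)]


def find_overbroad_statements(policy: Dict) -> List[str]:
    """Return one human-readable finding per Allow statement that is not scoped."""
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        reasons = []
        acts = _wildcard_actions(stmt)
        if acts:
            reasons.append("wildcard action " + ", ".join(acts))
        res = _wildcard_resources(stmt)
        if res:
            reasons.append("wildcard resource " + ", ".join(res))
        if reasons:
            findings.append(f"Statement[{idx}]: " + "; ".join(reasons))
    return findings


def check_policy_json(text: str) -> List[str]:
    """Convenience wrapper for a policy document stored as JSON (e.g. from Terraform output)."""
    return find_overbroad_statements(json.loads(text))


if __name__ == "__main__":
    for name, policy in (("overbroad", OVERBROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, find_overbroad_statements(policy) or "OK")
```

Run this in CI against the rendered policy documents (for example the JSON that `terraform show -json` emits for `aws_iam_policy` resources) and fail the pipeline on any finding; the check is deliberately conservative and will need an allow-list for the rare role that legitimately needs a service-wide grant.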

Data Protection

  • Encryption: TLS 1.2 or higher in transit; AES-256 at rest using AWS KMS-managed keys.
  • Database: Aurora PostgreSQL stores conversations, usage metrics, and billing state. Automated multi-AZ backups run nightly.
  • Token Accounting: Platform token calculations preserve the raw provider usage for finance exports, while exposing rounded totals to end users.

Monitoring & Response

  • Observability: Structured logs, application metrics, and conversation events stream to CloudWatch. Alerts trigger on latency spikes, token anomalies, and WAF rule hits.
  • Incident Response: On-call engineers triage incidents with documented playbooks. Critical issues are communicated through the status page and in-app banners.
  • Vulnerability Management: Dependency updates and security patches flow through automated Dependabot + CI pipelines. High-severity issues receive expedited releases.
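The Observability bullet above says alerts fire on token anomalies and WAF rule hits but not how. As an added illustration, not Round Table AI's detection code, the following runs two simple detections over constructed CloudWatch-style structured log lines: a completion whose token count is far above the same user's recent median, and a client IP that accumulates several WAF blocks. The thresholds, field names and log lines are all assumptions made for the example.

```python
"""Token-anomaly and WAF-burst alerting over structured log lines.

Added example, not Round Table AI's monitoring code. The log lines, field names
and thresholds below are constructed for illustration.
"""
import json
import statistics
from collections import defaultdict
from typing import Dict, Iterable, List

# Constructed structured log lines, one JSON object per line, as CloudWatch would store them.
SAMPLE_LOGS = """\
{"ts": "2024-11-11T10:00:00Z", "type": "completion", "user_id": "u1", "total_tokens": 1200}
{"ts": "2024-11-11T10:01:00Z", "type": "completion", "user_id": "u1", "total_tokens": 1350}
{"ts": "2024-11-11T10:02:00Z", "type": "completion", "user_id": "u1", "total_tokens": 1100}
{"ts": "2024-11-11T10:03:00Z", "type": "completion", "user_id": "u1", "total_tokens": 1280}
{"ts": "2024-11-11T10:04:00Z", "type": "completion", "user_id": "u1", "total_tokens": 58000}
{"ts": "2024-11-11T10:04:30Z", "type": "completion", "user_id": "u2", "total_tokens": 900}
not valid json, a truncated line that the parser must tolerate
{"ts": "2024-11-11T10:05:00Z", "type": "waf", "rule": "RateLimit", "action": "BLOCK", "client_ip": "203.0.113.7"}
{"ts": "2024-11-11T10:05:01Z", "type": "waf", "rule": "RateLimit", "action": "BLOCK", "client_ip": "203.0.113.7"}
{"ts": "2024-11-11T10:05:02Z", "type": "waf", "rule": "SQLi_BODY", "action": "BLOCK", "client_ip": "203.0.113.7"}
{"ts": "2024-11-11T10:06:00Z", "type": "waf", "rule": "RateLimit", "action": "BLOCK", "client_ip": "198.51.100.4"}
"""

# Assumed thresholds; tune against real traffic before relying on them.
TOKEN_MULTIPLIER = 5.0   # alert when one completion exceeds 5x the user's prior median
MIN_HISTORY = 3          # need this many prior completions before a baseline is trusted
WAF_BLOCKS_PER_IP = 3    # alert when a single client IP reaches this many WAF blocks


def parse_log_lines(text: str) -> List[Dict]:
    """Parse JSON-per-line logs, skipping blank or malformed lines instead of crashing."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def detect_token_anomalies(events: Iterable[Dict]) -> List[Dict]:
    """Flag completions whose token count is far above that user's own recent median.

    Using a per-user median (not a global mean) keeps one heavy user's normal
    traffic from masking a sudden spike by a light user, and a single outlier
    cannot drag the baseline up until it is already part of the history.
    """
    history: Dict[str, List[float]] = defaultdict(list)
    alerts = []
    for ev in events:
        if ev.get("type") != "completion":
            continue
        user = ev.get("user_id")
        tokens = ev.get("total_tokens")
        if not isinstance(tokens, (int, float)):
            continue
        prior = history[user]
        if len(prior) >= MIN_HISTORY:
            baseline = statistics.median(prior)
            if tokens > TOKEN_MULTIPLIER * baseline:
                alerts.append({"kind": "token_anomaly", "user_id": user, "ts": ev.get("ts"),
                               "total_tokens": tokens, "baseline_median": baseline})
        prior.append(tokens)
    return alerts


def detect_waf_bursts(events: Iterable[Dict]) -> List[Dict]:
    """Flag a client IP the first time it accumulates WAF_BLOCKS_PER_IP blocked requests."""
    counts: Dict[str, int] = defaultdict(int)
    alerts = []
    for ev in events:
        if ev.get("type") != "waf" or ev.get("action") != "BLOCK":
            continue
        ip = ev.get("client_ip")
        counts[ip] += 1
        if counts[ip] == WAF_BLOCKS_PER_IP:  # fire once when the threshold is crossed
            alerts.append({"kind": "waf_burst", "client_ip": ip, "ts": ev.get("ts"), "blocks": counts[ip]})
    return alerts


def run_detections(text: str) -> List[Dict]:
    """Parse the logs once and return every alert from both detectors."""
    events = parse_log_lines(text)
    return detect_token_anomalies(events) + detect_waf_bursts(events)


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_LOGS):
        print(alert)
```

On the constructed input this yields two alerts: user u1's 58000-token completion against a prior median of 1240, and the third WAF block from 203.0.113.7. In production the same logic would sit behind a CloudWatch metric filter or a subscription-fed Lambda rather than a batch over a string.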

Customer Responsibilities

  • Enforce strong passwords or SSO for every user.
  • Limit access to sensitive conversations and export data responsibly.
  • Report suspected vulnerabilities to security@round-table.ai. We respond within one business day.

Security is a shared responsibility. We welcome audits, questionnaires, and diligence requests from prospective customers—reach out via sales@round-table.ai to begin the process.