Insigo holds your competitive position, the facts you teach it, and the calls you make. Protecting that isn't an add-on — isolation, privacy, and provenance are how the system is built. This page is a plain summary of how.
Every workspace is a separate tenant. Membership is enforced server-side on every request, so no one outside your team can reach your data — and internal service routes are unreachable from the public internet.
Your prompts, your corpus, and the facts you teach the system are processed under enterprise terms and are never used to train foundation models. Your private facts stay in your workspace.
All traffic is encrypted in transit (TLS 1.2+). Data is encrypted at rest, and integration secrets are held in an encrypted store — never committed to source. Passwords are bcrypt-hashed.
No open sign-up: accounts are provisioned or invited. Access is role-based (Owner / Admin / Member), authenticated with short-lived tokens, with self-serve reset over a time-boxed link.
The system reasons only from evidence it collected or facts you taught it — never free-floating model opinion. Every claim drills to the document behind it, so you can audit the reasoning.
Services run with the minimum access they need. Collection reads public and primary-source records only — it never requires access to your internal systems to work.