Security & Trust

Twing.AI is built for private market investment teams. Our core security model is simple: keep customer data isolated, minimize external data exposure, and provide auditable controls that match enterprise expectations.

Our 3-Layer Security Model

1. Dedicated AWS Environment (Default)

Each customer runs in a dedicated AWS account with per-tenant infrastructure (VPC/network boundaries, compute, data stores, and S3 buckets). Data is not shared across tenants.

2. Model Providers That Don't Train on Your Data

We support multiple foundation model providers (Gemini, Anthropic, OpenAI) and configure usage so your prompts and outputs are not used to train provider models (under their commercial/API policies). By default, OpenAI does not use API data for training, and Anthropic does not use data from its commercial products/API for training. Google's Gemini API documentation states that data logged for abuse monitoring is not used to train models.

3. Web Interactions Are Pull-Only

When web research is enabled, Twing.AI uses the web only to retrieve public information (search + fetch). We do not push your internal documents, extracted content, or deal materials to third-party websites as part of browsing. (If you want even stricter control, web access can be disabled or allow-listed.)

Identity and Access Management

Single Sign-On (SSO)

We support SAML 2.0 / OIDC with providers like Okta, Azure AD, and Google, plus role-based access control. Optional SCIM is available for automated provisioning.

Least Privilege by Default

We default to least-privilege access patterns and tenant-scoped permissions.

Data Isolation and Storage

Tenant Isolation (Default)

  • No cross-customer data sharing.
  • Dedicated AWS account per customer.
  • Network boundaries and IAM guardrails enforce separation.
  • Logs and metrics are partitioned by account.

Encryption

  • TLS 1.2+ in transit
  • Encryption at rest for managed data stores and S3
  • Secrets stored in a secure vault (never committed to source control)
  • Support for customer-managed encryption keys (AWS KMS) and rotation policies

Backups and Disaster Recovery

Backups and DR are performed per tenant.

Foundation Models and Key Management

BYOK or Managed Keys

You can use Twing.AI's secured model tokens or bring your own keys (BYOK). Prompts and outputs remain scoped to your tenant.

Model-Agnostic Routing

We can route tasks to the best model for the job (OpenAI, Anthropic, Google) and avoid locking you into a single vendor.

Observability, Auditability, and Compliance

Audit Logging

Per-tenant audit logs and access logs are available, with export to your SIEM upon request.

Internal Access Controls

We follow least privilege for internal access with just-in-time elevation and approvals.

Compliance Posture

Our SOC 2 Type II program is in progress. We support customer security reviews and DPAs.

Deployment Options

We support multiple deployment modes depending on your security/compliance posture:

  • Managed single-tenant (your keys)
  • Managed single-tenant (our keys)
  • In-tenant / private cloud (your AWS/Azure, your VNet/IAM/KMS)

Frequently Asked Questions

Is data ever shared across customers?

No. Each customer runs in a separate AWS account with strict network/IAM isolation.

Are prompts or outputs used to train foundation models?

No. Under the default terms and usage policies for the OpenAI API, Anthropic commercial products/API, and the Gemini API, customer inputs/outputs are not used for training (unless explicitly opted in where applicable).

Can we use our own model keys?

Yes. BYOK is supported.

Can we restrict or disable web research?

Yes. Web access can be disabled, or limited to allow-listed destinations (recommended for strict environments).

Questions? Email security@twing.ai.