Your data never trains our models.
Thalium

SECURITY

Built for production trust

Security is not a feature — it is the foundation. Every architectural decision in Thalium is traceable back to a security or auditability requirement.

Complete tenant isolation

Every Brain Instance is scoped to a single organisation, and an API key cannot read or write data belonging to another tenant. The check is enforced at the API gateway layer, before any application code runs.

API key scoping

Keys are issued with explicit scopes: invocation-only, read-only, or full-access. The memory:write scope is off by default on all key types. Rotate or revoke from the dashboard at any time.

Immutable audit log

Every decision, write, gate verdict, and role execution is recorded in an append-only audit log. No UPDATE or DELETE is permitted — enforced at the database level with triggers.

Source-tagged memory writes

Every entry in the institutional ring has a source field: chain, direct_write, seeding, or calibrator. No write can enter the ring without passing through the single Librarian write function.

Confidence monitoring

The Confidence Monitor tracks quality drift in the institutional ring. Alerts fire when average confidence falls below threshold — before your application is affected.

Guardrail enforcement

The Boundary Keeper role enforces domain constraints before any artifact is returned. Its strictness (conservative, balanced, or aggressive) is configured per Brain Instance.

Infrastructure security

Hosting: Fly.io (EU region), encrypted at rest and in transit
Database: Supabase Postgres, row-level security enabled on all tables
API gateway: Cloudflare, providing DDoS protection, rate limiting and request validation
Secrets: held in the Fly.io secrets store, never in code, logs, or environment files
TLS: TLS 1.3 enforced on all connections
Backups: continuous Postgres backups with point-in-time recovery

Security contact

To report a vulnerability or raise a security concern, contact security@thalium.io. Acknowledgement and triage targets are set out under Responsible disclosure below.

PROMPT INJECTION

Injection defence — three layers

Thalium processes untrusted inputs including uploaded documents, webhook payloads, and user-supplied text. Three independent defence layers operate in sequence.

01

Layer 1 — Cloudflare structural sanitisation

Every request passes through a Cloudflare Worker before reaching Fly.io. The Worker checks for instruction-format text in non-content fields, enforces input size limits (text: 50K characters, documents: 2M characters), rejects JSON nested more than 10 levels deep, and flags null bytes. Anomaly rate limiting: more than 10 violations from one API key within 10 minutes triggers engineering review.
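The Layer 1 checks above map onto plain code. What follows is an added example, not Thalium's Cloudflare Worker (Workers run JavaScript; this is a Python model of the same checks so it runs anywhere). The numeric limits are the ones the page states; the field names ("text" and "document" as content, everything else metadata), the instruction-text heuristic, the violation codes, the overall body cap and the sample bodies are assumptions made for this illustration.

```python
"""Structural request sanitisation of the kind the page describes for Layer 1.

Added example, not Thalium's Cloudflare Worker. The numeric limits are the page's;
the field names, the instruction-text heuristic, the violation codes and the
overall body cap are assumptions made for this illustration.
"""
import json
import re
from collections import defaultdict, deque

TEXT_LIMIT = 50_000                  # page: text fields capped at 50K characters
DOCUMENT_LIMIT = 2_000_000           # page: documents capped at 2M characters
MAX_DEPTH = 10                       # page: JSON nested deeper than 10 is rejected
VIOLATION_THRESHOLD = 10             # page: more than 10 violations per API key ...
WINDOW_SECONDS = 600                 # ... within 10 minutes triggers review
MAX_BODY = DOCUMENT_LIMIT + 65_536   # assumed: refuse oversize bodies before parsing

# Assumed: these fields carry content for the models to read; every other string
# in a request is metadata and must not look like an instruction to a model.
CONTENT_FIELDS = {"text", "document"}

# Illustrative "instruction-format text" heuristic, not Thalium's rule set.
INSTRUCTION_RE = re.compile(
    r"(?i)\bignore (?:all |any )?(?:previous|prior|above) instructions\b"
    r"|\byou are now\b|\bsystem prompt\b"
    r"|\bdisregard (?:the |your )?(?:rules|instructions)\b"
)

def json_depth(value) -> int:
    """Nesting depth of a decoded JSON value (scalars 0, {} or [] 1), iterative so a
    hostile document cannot exhaust the Python stack here."""
    depth, stack = 0, [(value, 1)]
    while stack:
        node, level = stack.pop()
        if isinstance(node, dict):
            node = list(node.values())
        if not isinstance(node, list):
            continue
        depth = max(depth, level)
        stack.extend((child, level + 1) for child in node)
    return depth

def _string_leaves(value, path=""):
    """Yield (path, string) for every string leaf; only run once depth <= MAX_DEPTH."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for key, item in value.items():
            yield from _string_leaves(item, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for i, item in enumerate(value):
            yield from _string_leaves(item, f"{path}[{i}]")

def sanitise(raw_body: str) -> list[str]:
    """Return the structural violations in one request body; [] means it is clean."""
    violations = []
    if len(raw_body) > MAX_BODY:
        return ["body_too_large"]               # do not even parse something this large
    if "\x00" in raw_body:
        violations.append("null_byte_raw")
    try:
        body = json.loads(raw_body)
    except RecursionError:                      # so deep that the parser itself gives up
        return violations + ["nesting_depth"]
    except json.JSONDecodeError:
        return violations + ["malformed_json"]
    if json_depth(body) > MAX_DEPTH:
        return violations + ["nesting_depth"]   # reject before walking the structure
    if not isinstance(body, dict):
        return violations + ["not_an_object"]
    for path, text in _string_leaves(body):
        top = re.split(r"[.\[]", path, maxsplit=1)[0]   # top-level field of this leaf
        if "\x00" in text:                      # a \u0000 escape survives the raw check
            violations.append(f"null_byte_in:{path}")
        if top == "text" and len(text) > TEXT_LIMIT:
            violations.append("text_too_long")
        elif top == "document" and len(text) > DOCUMENT_LIMIT:
            violations.append("document_too_long")
        elif top not in CONTENT_FIELDS and INSTRUCTION_RE.search(text):
            violations.append(f"instruction_text_in:{path}")
    return violations

class AnomalyTracker:
    """Sliding-window violation count per API key (page: more than 10 in 10 minutes)."""

    def __init__(self, threshold=VIOLATION_THRESHOLD, window=WINDOW_SECONDS):
        self.threshold, self.window = threshold, window
        self._events = defaultdict(deque)       # api_key -> timestamps of violations

    def record(self, api_key: str, count: int, now: float) -> bool:
        """Add `count` violations at time `now`; True once the key needs review."""
        events = self._events[api_key]
        events.extend([now] * count)
        while events and now - events[0] > self.window:
            events.popleft()
        return len(events) > self.threshold

def handle_request(api_key: str, raw_body: str, tracker: AnomalyTracker, now: float) -> dict:
    """Gate one request: reject on any violation, flag the key once it crosses the threshold."""
    violations = sanitise(raw_body)
    review = tracker.record(api_key, len(violations), now) if violations else False
    return {"accepted": not violations, "violations": violations, "review": review}
```

Two details a Worker author would want to get right are visible in the code: the size gate runs on the raw body before any parsing, and the null-byte check is repeated on the decoded strings, because a `\u0000` escape passes a raw-byte scan and only becomes a null after JSON decoding. Instruction-shaped text inside the content fields is deliberately left alone at this layer; per the page, that is what Layers 2 and 3 are for.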

02

Layer 2 — Triage classification scope

The Triage model has a single, narrowly scoped task: classify the intent type of the input. Its system prompt explicitly instructs it not to follow any instructions found in the input content, and its only output is a classification label. Injected text can therefore at most cause a misclassification; it cannot make Triage take any other action.

03

Layer 3 — Boundary Keeper output patterns

The Boundary Keeper checks every artifact before it leaves the chain against configured output pattern rules. Adversarial output patterns are a built-in guardrail category. Any artifact matching an adversarial pattern is surfaced for review rather than passed.

DATA & PRIVACY

Model supply chain

Thalium routes all model calls through OpenRouter as the primary gateway. The default model across all chain roles is Gemini 2.5 Flash Lite. Direct Anthropic and OpenAI APIs are fallback paths only — activated automatically by the Router when OpenRouter is degraded, not by default.

All model calls are made through Thalium's own provider accounts. You never hold or manage provider API keys. Your data flows: your application → Thalium → OpenRouter → model provider.

Thalium does not train on subscriber data. The institutional ring is strictly scoped to your Brain Instance and is never pooled across tenants. We are pursuing zero-data-retention agreements with our fallback model providers. Until these are in place, the current data terms of each provider (OpenRouter, Anthropic, OpenAI) apply.

Sub-processors

Supabase: Postgres database, Auth, file storage
Upstash: Redis (anchors, queues, Coverage Map cache)
Fly.io: application hosting (EU region)
OpenRouter: model gateway (primary)
Anthropic: model provider (fallback only)
OpenAI: model provider (fallback only)
Cloudflare: API gateway, DNS, DDoS protection
Brevo: transactional email

DATA RESIDENCY

Where your data lives

Spark: EU (Ireland)
Neuron: EU (Ireland)
Lobe: EU (Ireland)
Studio: EU (Ireland)
Enterprise: sovereign deployment, region of your choice

US-East region available at Series A. APAC at Series B. Brain Instances are region-pinned at creation — all components (Redis, Postgres, compute) co-located in the same region.

ENCRYPTION

Encryption specification

At rest: AES-256 on all Supabase Postgres data, with field-level encryption on institutional ring entry content.
In transit: TLS 1.3 enforced on all connections (client to Cloudflare, Cloudflare to Fly.io, Fly.io to Supabase and Upstash).
Key management: encryption keys are managed via the Fly.io secrets store and are never written to logs, code, or environment files.
GDPR erasure: entity IDs are stored in the audit log as HMAC-SHA256 pseudonyms rather than in the clear. Deleting the corresponding key makes those entries permanently unattributable to the entity, which achieves erasure without deleting rows from the append-only log.
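The append-only log described under Immutable audit log and the keyed-hash erasure described here fit together in one structure, shown below as an added example; it is not Thalium's code. SQLite in memory stands in for the page's Postgres so the example runs anywhere (the trigger idiom differs only in syntax), and the schema, the per-entity key table and the sample events are assumptions.

```python
"""Append-only audit log enforced by database triggers, with entity IDs stored as
HMAC-SHA256 pseudonyms so that deleting a key erases the entity's trail.

Added example, not Thalium's code. SQLite (in memory) stands in for the Postgres
on the page; the schema, the per-entity key table and the events are assumptions.
"""
import hashlib
import hmac
import secrets
import sqlite3

SCHEMA = """
CREATE TABLE audit_log (
    id          INTEGER PRIMARY KEY,
    tenant      TEXT NOT NULL,
    action      TEXT NOT NULL,
    entity_hmac TEXT NOT NULL,   -- HMAC-SHA256(entity key, entity ID), never the raw ID
    detail      TEXT NOT NULL
);
-- Tamper protection lives in the database, not the application: any UPDATE or
-- DELETE aborts. (In Postgres the same is a trigger function that RAISEs.)
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
-- Assumed design: one random HMAC key per (tenant, entity). Erasure only touches this table.
CREATE TABLE entity_keys (
    tenant TEXT NOT NULL, entity_id TEXT NOT NULL, key_hex TEXT NOT NULL,
    PRIMARY KEY (tenant, entity_id)
);
"""

def pseudonym(key: bytes, entity_id: str) -> str:
    """Keyed hash of the entity ID: unlinkable without the key, even for guessable IDs."""
    return hmac.new(key, entity_id.encode(), hashlib.sha256).hexdigest()

class AuditLog:
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.executescript(SCHEMA)

    def _key(self, tenant, entity_id, create=False):
        row = self.db.execute("SELECT key_hex FROM entity_keys WHERE tenant=? AND entity_id=?",
                              (tenant, entity_id)).fetchone()
        if row:
            return bytes.fromhex(row[0])
        if not create:
            return None                       # key gone: entries can no longer be attributed
        key = secrets.token_bytes(32)
        self.db.execute("INSERT INTO entity_keys VALUES (?, ?, ?)", (tenant, entity_id, key.hex()))
        return key

    def record(self, tenant, action, entity_id, detail):
        """Append one event; the raw entity ID never reaches the audit table."""
        key = self._key(tenant, entity_id, create=True)
        self.db.execute("INSERT INTO audit_log (tenant, action, entity_hmac, detail) VALUES (?, ?, ?, ?)",
                        (tenant, action, pseudonym(key, entity_id), detail))
        self.db.commit()

    def entries_for(self, tenant, entity_id):
        """Find an entity's trail by recomputing its pseudonym; [] once the key is deleted."""
        key = self._key(tenant, entity_id)
        if key is None:
            return []
        rows = self.db.execute("SELECT action, detail FROM audit_log WHERE tenant=? AND entity_hmac=? ORDER BY id",
                               (tenant, pseudonym(key, entity_id)))
        return [tuple(r) for r in rows]

    def erase(self, tenant, entity_id) -> int:
        """GDPR erasure without touching the log: delete the key; rows stay but are unlinkable."""
        cur = self.db.execute("DELETE FROM entity_keys WHERE tenant=? AND entity_id=?", (tenant, entity_id))
        self.db.commit()
        return cur.rowcount

    def attempt_tamper(self):
        """Try to UPDATE and DELETE the log; return the error the trigger raised for each."""
        results = []
        for sql in ("UPDATE audit_log SET detail = 'redacted'", "DELETE FROM audit_log"):
            try:
                self.db.execute(sql)
                results.append(None)          # would mean the trigger did not fire
            except sqlite3.DatabaseError as exc:
                results.append(str(exc))
        return results

    def dump(self):
        """Every row as stored, for checking that no raw entity ID leaked into the log."""
        return [tuple(r) for r in self.db.execute("SELECT tenant, action, entity_hmac, detail FROM audit_log")]

    def row_count(self) -> int:
        return self.db.execute("SELECT COUNT(*) FROM audit_log").fetchone()[0]
```

Three caveats a practitioner would attach to this. HMAC rather than a bare SHA-256 matters because entity IDs are low-entropy: a plain hash of "user-42" is reversed by guessing, a keyed one is not. A trigger only protects the log from roles that cannot remove it, so the application's database role must not own the table or hold privileges to ALTER it or DROP TRIGGER; in Postgres that means keeping schema ownership with a separate migration role. And key deletion only erases what was pseudonymised: if the free-text detail column carries names or e-mail addresses, deleting the key does not remove them, so detail fields have to be kept free of identifying data.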

TESTING & CERTIFICATION

Security programme

Penetration testing

Independent third-party penetration test before any subscriber data is processed in production. Covers Cloudflare edge, Fly.io endpoints, Postgres, Redis, API key scoping, cross-tenant isolation, and audit log tamper protection. Critical and high findings fixed before launch. Annual cadence thereafter.

Bug bounty

Private programme open to trusted security researchers at launch. Scope: all production API endpoints, web platform, Cloudflare edge configuration. Bounties: Critical £5,000–£10,000 · High £1,000–£5,000 · Medium £250–£1,000. Public programme at Series A.

SOC 2 Type II

Target certification within 12 months of launch. Gap assessment begins at month 3 post-launch. Controls are being designed to SOC 2 standards from day one.

Dependency scanning

Continuous automated scanning via Renovate and GitHub Dependabot. A critical or high severity CVE in a dependency fails the CI build. Security update PRs are reviewed within 24 hours of the advisory being published.

DISCLOSURE

Responsible disclosure

We welcome responsible disclosure from security researchers. If you discover a vulnerability, please contact us before publishing.

Contact: security@thalium.io
Acknowledgement: within 24 hours
Triage: within 72 hours
Fix window: 90 days before public disclosure (shortened if the vulnerability is being actively exploited)
Safe harbour: researchers who follow responsible disclosure and do not access subscriber data are protected