Back to Antares OSTrust Center

What a security team can verify, not just take on faith.

Antares OS reads a company's documents and answers from them through a cited Advisor (department AI employees on the same data are on the roadmap). That only works if the data handling is honest and specific. This page is the honest, specific version — current as of June 2026.

6 active sub-processorsBYOK — inference on your own key30-day deletion on request
Data flow

Six sub-processors, each for one job.

These are the external services that process your data, with where they run and what they do. The authoritative, version-controlled list ships in our DPA / security-review pack.

Vercel US · global edge
Application hosting and serverless compute. Every request to the product runs here; it processes data in transit but is not a data store.
Hosting · Compute
Supabase US
Primary database, authentication, and row-level security. Your business data lives here.
Database · Auth
Anthropic US
LLM inference that powers the cited Advisor (and department AI employees when they ship), called through your own provider key.
AI inference
Voyage AI US
Generates the embeddings that index your documents into the knowledge graph — on your Voyage key when you supply one, otherwise a platform key.
Embeddings
Sentry US
Error and exception monitoring. No conversation content or business data is sent to it.
Error monitoring
Resend US
Transactional email (sign-up verification, account notifications). Receives recipient addresses and message content — never your business data or AI conversations.
Email

A note on the other AI providers. The app can store a Bring-Your-Own-Key for OpenAI, xAI, OpenRouter, and Google Gemini if you choose to add one, and our content-security policy allowlists their hosts so a saved key can be validated. Those keys are not used to run anything today— only Anthropic and Voyage back execution — so they are not Antares sub-processors. We would rather over-disclose this than let a host in our CSP read as a hidden data path.

Encryption

Your provider key is encrypted before it is stored.

The most sensitive secret you give us is your AI provider key. It gets its own application-layer encryption, on top of the platform's transport and storage encryption.

Your BYOK key

AES-256-GCM, app-layer

We encrypt the key in our application before it reaches the database, so a database compromise yields ciphertext only.

AlgorithmAES-256-GCM — a 256-bit authenticated cipher
Per-record IVA fresh random initialization vector for every key
IntegrityA GCM auth tag is verified on read; tampered ciphertext fails closed
ExposureThe plaintext key is never returned by the API— only an encrypted record and the last 4 characters are stored
Your business data

Encrypted in transit and at rest

Your North Star, workflows, chats, documents, and metrics are stored in Supabase (Postgres) on US infrastructure.

  • TLS on every connection, in transit
  • Encrypted at rest on Supabase's platform
  • Backups encrypted per Supabase's default policy

To be precise: the application-layer AES-256-GCM above protects the BYOK key specifically. General business-data encryption rests on Supabase's platform encryption, not a second app-layer cipher.

Bring your own key

Inference runs on your key, or it does not run.

LLM inference for the cited Advisor goes through your organization's own Anthropic key — a missing key returns an error (HTTP 412), never a silent fallback to ours. Document embeddings use your Voyage key when you supply one, otherwise a platform Voyage key. The same routing covers department AI employees when they ship.

How it routes

Your key, your account

  • Inference requests are signed with your Anthropic key, billed to your account
  • A missing Anthropic key returns an error on inference routes — not a fallback to ours
  • We do not train on your data, and your data does not train a third-party model
Why it matters

No shared inference pool

Because inference runs on your own account, your prompts and completions are governed by your agreement with the provider, not pooled into ours. You hold the relationship with the model vendor; we hold the orchestration.

Tenant isolation

One company can never read another's data.

Every organization is its own tenant, scoped by organization_id. Direct reads run under Postgres Row-Level Security in the database; the server-side paths that use the service role — such as Advisor retrieval — enforce the same organization scope in application code and RPCs. Both layers gate every query to one tenant.

Acme Coorg_id: a1f…
North Star, Growth & Delivery, Scorecard
AI Employee chats and Advisor history
Documents, knowledge graph, embeddings
Approved workflows and learning records
Cannot read org_id: b7c…
Borealis Incorg_id: b7c…
North Star, Growth & Delivery, Scorecard
AI Employee chats and Advisor history
Documents, knowledge graph, embeddings
Approved workflows and learning records
Cannot read org_id: a1f…

RLS policies live in the database migrations and gate every read and write by the requesting user's organization. A new tenant is tested in isolation before any real data is loaded.

Retention & deletion

You can leave with everything, and be erased.

No lock-in. You own your data while you are with us and you take it when you go.

Export

On request

Deletion

Within 30 days of request

  • Request account and data deletion and we complete it within 30 days
  • Email support@antaresos.app to start it
Compliance posture

Where we actually are, stated plainly.

We will not claim a certification we do not hold. Here is the real status of each item a diligence checklist asks about.

PlannedSOC 2. SOC 2 is on the roadmap, not yet in progress and not certified. We will publish the report and audit window here when the path begins.
In progressSecurity-review pack. A DPA and sub-processor list for the 2026 cohort are being assembled. Ask and we will share the current draft under NDA.
BetaProduct stage. Antares OS is a beta-stage product. The posture on this page reflects what is true today, and we update it as the product matures.
Not compliantHIPAA. Antares OS is not HIPAA-compliant. Do not enter Protected Health Information (PHI) — patient names, session notes, or diagnoses — into the platform.

The full data-handling detail lives in our Privacy Policy. If your security review needs something this page does not cover, ask — we will answer in writing.

Live trust metrics

The evidence store, once it is filling.

Antares records the evidence behind its own answers: which sources grounded a response, whether a citation was attached, how fast feedback was closed, and audit events. We will surface those as live numbers, per tenant.

Illustrative layout. These metrics go live per-tenant as the evidence store fills — no figures below are real.

Illustrative
Grounded-answer rate
Illustrative
Citation coverage
Illustrative
Feedback-closure time
Illustrative
Audit-event volume
Asked on the security call

Short, direct answers

No. LLM inference routes through your own Anthropic key, and your data is never used to train a third-party model. The knowledge graph the system builds from your documents stays private to your tenant.

You export everything. Request a full export of your data and we provide it, and we delete your tenant within 30 days of the request. There is no lock-in clause in the contract.

No. Every row of business data is scoped by organization_id — direct reads under Postgres Row-Level Security, and server-side service-role paths (like Advisor retrieval) under the same organization scope enforced in application code and RPCs. A query for one organization can never return another organization's rows.

The security-review pack — DPA plus the current sub-processor list — is in progress for the 2026 cohort. Email security@antaresos.app and we will share the latest draft.

Running a security review?

We will share the DPA, the sub-processor list, and answer follow-ups in writing.

Contact security@antaresos.app