EgretAI
Log inGet Started Free
Back to Blog
Compliance
5 min read

How Egret Handles Security and Data Isolation

Egret Team·

When organisations upload internal policies and procedures to Egret's private knowledge base, they need to know exactly how that data is handled. This post explains our security architecture honestly — what we do, how it works, and where we are as a platform in public beta.

Private knowledge base isolation

Every organisation's private documents are isolated at two levels:

Storage isolation — Private documents are stored in a dedicated S3 prefix scoped to your organisation: s3://egret-docs/orgs/{your-org-slug}/. Egret's public regulatory library occupies a separate prefix — s3://egret-docs/business-continuity/ — in the same bucket. Access to each prefix is controlled independently. Your documents are never co-mingled with another organisation's files.

Retrieval isolation — This is the more important boundary. Each organisation has its own dedicated Amazon Bedrock knowledge base — a completely separate index, not a filtered view of a shared one. When your query runs, retrieval happens against your org's knowledge base exclusively. There is no risk of another organisation's documents surfacing in your responses, or yours in theirs.

Egret's public regulatory content (Business Continuity, and future domains) also lives in its own dedicated Bedrock knowledge base, separate from all private org indexes.

Your documents never train a model

Egret uses Amazon Bedrock for both retrieval and generation. Bedrock's data processing terms are explicit: customer data is not used to train, fine-tune, or improve foundation models. Queries are processed and discarded — they do not persist at the model provider layer.

This applies to everything you upload: internal policies, procedures, and any sensitive organisational documents in your private knowledge base.

Encryption

All data at rest is encrypted with AES-256. Data in transit uses TLS 1.3. Encryption keys are managed through AWS Key Management Service (KMS) with automatic rotation.

Presigned URLs used for source citations in query responses are time-limited — they expire and cannot be reused to access documents indefinitely.

Infrastructure

Egret's backend runs on AWS using App Runner and RDS. The web application is hosted on Vercel. We are currently in public beta — our infrastructure is functional and secure, but we have not yet pursued formal compliance certifications (SOC 2, ISO 27001, etc.). If your organisation has specific compliance requirements, reach out and we can discuss our controls in detail.

What we're working on

Data isolation at the Bedrock knowledge base level is already in place. Infrastructure hardening — private VPC deployment, enhanced network-level isolation — is on our roadmap as we move beyond public beta. We'll be transparent about these changes as they ship.

Questions about our security architecture? Contact us at support@getegret.com.