Trust & Security | Neai Labs

🔒 Data Isolation

Every tenant runs in a dedicated, isolated environment. Your enterprise data, knowledge bases, and agent interaction logs are never used to train public models.

🛡️ Encryption

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). API keys and secrets are managed through secure vaults with automated rotation.

⚡ High Availability

Deployed on Google Cloud managed services with health probes, strict upstream timeouts, and documented recovery procedures to preserve capability continuity.

🏛️ Legal Entity

Operated by Chuang Yao Cheng Limited, registered in Hong Kong. We comply with applicable data protection frameworks and maintain audit-ready records.

Identity & Authentication

User authentication is powered by Firebase Authentication, supporting multiple sign-in methods:

Email/password with enforced password complexity policy
Google OAuth 2.0 with verified redirect URI governance
reCAPTCHA Enterprise integration for bot protection during registration
Tenant-scoped session tokens for all stateful API requests

        Server-only secrets are never exposed in client-side runtime configuration. All API keys visible to browsers are
        publishable (read-only) keys.
      

Agent Gateway Security

All agent interactions flow through a secured CopilotKit gateway with the following controls:

Firebase ID token validation on every request — no anonymous access
Per-agent access control with project-level scoping
Streaming responses with server-sent events — no raw model API exposure
Thread-based conversation isolation per user session

Billing & Metering

Usage-based billing is enforced through tenant-scoped, idempotent usage events:

Agent run requests are linked by the gateway to usage ledger events before streaming responses
Usage records are isolated by tenant scope and validated against authenticated token claims
Idempotency is enforced with conflict keys on (tenant_id, event_id)
All billing events produce auditable records with request_id, timestamps, and usage fields

Compliance & Governance

Our platform governance ensures operational integrity through:

Machine-readable release gates — every deployment passes automated quality checks
Evidence-based release decisions with explicit PASS/FAIL verdicts
Workspace catalog constraints prevent unauthorized data domain mixing
Non-invasive integration posture — downstream systems are never silently mutated

Release evidence flow precondition: E03 control-integrity must pass for identity console controls before downstream semantic closure gates.

For data rights inquiries, audit requests, or compliance questions, contact wl@nea-i.com.