Security & Trust
Naboo deploys inside your perimeter, mirrors your source-system permissions, and never trains on your data. Here's the full posture - deployment, RBAC, audit, compliance, sub-processors.
Deployment - in your perimeter
Naboo runs inside the customer's infrastructure by default. We do not require data to transit Naboo-controlled servers. Three deployment modes are supported:
On-premises
Naboo runs entirely inside your data center. Zero outbound network calls from the agent's data path. The deployment model used by regulated industries (defense, healthcare, financial services) and customers with strict data-residency requirements.
Customer VPC
Naboo runs in your AWS / GCP / Azure VPC. No data egress to Naboo-controlled infrastructure. The default for most enterprise deployments.
Air-gapped
Naboo can operate without internet egress. The agent uses local model weights (open-source or fine-tuned) or your own LLM-gateway endpoint. Used by customers with full network isolation requirements.
Data handling
Native RBAC, enforced at retrieval
Permissions are mirrored from your source systems (GitHub teams, Jira projects, Slack channels, Confluence spaces, internal RBAC) and checked at every graph traversal. If a user can't see a Slack channel, an agent acting on their behalf can't read its content - even if the content is technically indexed.
No training on customer data
Naboo does not train any model on customer data. The agent calls your LLM (or your hosted endpoint) with structured context retrieved at query time. Customer data is never used to improve any model.
Encryption in transit and at rest
All connections between Naboo components are TLS 1.3. Data at rest is encrypted with AES-256. Encryption keys are managed via the customer's KMS where available (AWS KMS, GCP KMS, Azure Key Vault, HashiCorp Vault).
Audit logging at every query
Every agent query is logged: who asked, what was asked, which graph nodes were traversed, which permissions were checked, what was returned. Logs ship to the customer's SIEM (Splunk, Datadog, custom) by default. Retention policy is set by the customer.
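An added illustration of the retrieval-time permission check and per-query audit record described above. This is not Naboo's code: the graph, the membership mirror, the field names, and the rule that denied nodes are not expanded are assumptions made for the example.

```python
import json
from collections import deque

# Constructed sample graph: node id -> required source-system group, content, edges.
GRAPH = {
    "jira:PAY-12": {"acl": "jira:payments", "text": "Migrate billing DB",
                    "edges": ["slack:#pay-incidents", "gh:billing#88"]},
    "slack:#pay-incidents": {"acl": "slack:#pay-incidents",
                             "text": "Root cause: expired cert",
                             "edges": ["conf:postmortem"]},
    "gh:billing#88": {"acl": "github:billing-team", "text": "PR: rotate cert",
                      "edges": []},
    "conf:postmortem": {"acl": "confluence:sec", "text": "Postmortem draft",
                        "edges": []},
}
# Constructed mirror of source-system memberships for one user.
MEMBERSHIPS = {"dana": {"jira:payments", "github:billing-team"}}

def retrieve(user, question, start):
    """Breadth-first traversal that checks the mirrored ACL before reading a node."""
    groups = MEMBERSHIPS.get(user, set())  # unknown user: no groups, fail closed
    checks, context = [], []
    seen, queue = {start}, deque([start])
    while queue:
        node_id = queue.popleft()
        node = GRAPH[node_id]
        allowed = node["acl"] in groups
        checks.append({"node": node_id, "required": node["acl"], "allowed": allowed})
        if not allowed:
            continue  # assumption: a denied node is neither read nor expanded
        context.append({"node": node_id, "text": node["text"]})
        for nxt in node["edges"]:
            if nxt in GRAPH and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    audit = {
        "user": user,
        "question": question,
        "traversed": [c["node"] for c in checks],
        "permission_checks": checks,
        "returned": [c["node"] for c in context],
    }
    # One JSON line per query, in a shape a SIEM forwarder can ship as-is.
    return context, json.dumps(audit, sort_keys=True)
```

Because the check happens before a node is read or expanded, content behind a denied node never enters the context handed to the LLM, and the audit line records the denial alongside what was returned.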
Tenant isolation
There is no shared multi-tenant infrastructure. Each enterprise deployment runs in the customer's own environment with its own keys, its own data, its own audit trail. Naboo employees do not have routine access to customer data.
Compliance posture
| Standard | Status | Notes |
|---|---|---|
| SOC 2 Type II | In progress | Audit window underway. Letter of engagement available on request under NDA. |
| ISO 27001 | Roadmap (2026 H2) | Controls are being implemented against the ISO 27001:2022 framework. |
| GDPR | Compliant | Naboo is a data processor; the customer is the data controller. DPA available. |
| HIPAA | BAA available | BAA executed per customer engagement. Healthcare customers deploy in air-gapped or VPC modes by default. |
| Penetration testing | Annual | Independent pen-test conducted annually by a third-party firm. Latest report available under NDA. |
Updated 2026-06-30. Status changes between SOC 2 audit windows; ask security@naboo.ai for the current letter of engagement.
Sub-processors
For customer-managed deployments (on-prem, VPC, air-gapped) there are no sub-processors handling customer data. For the Naboo cloud control plane (used for billing, support, and observability only - never customer agent data), the sub-processors are:
- AWS (compute and storage) - Hosting for the Naboo cloud control plane (no customer data unless customer opts into managed deployment)
- Anthropic / OpenAI / customer's chosen LLM provider - LLM inference, called from inside the customer's environment with structured context
- Stripe - Billing and invoicing (no customer data)
FAQ
Where does customer data live?
In the customer's environment. Naboo's default deployment is on-prem or in the customer's VPC. Data does not transit to Naboo-controlled infrastructure unless the customer explicitly opts into a managed deployment. For air-gapped customers, no outbound traffic is required at all.
Does Naboo see our source code or tickets?
The Naboo agent running inside your environment reads from your source systems with the customer-provided service-account credentials. Naboo employees do not have routine access to customer data; access requires a customer-signed support engagement and is fully audit-logged.
Is Naboo SOC 2 certified?
SOC 2 Type II is in progress. We can provide a letter of engagement and a current controls matrix under NDA. Customers in regulated industries typically execute a security review with our security team before signing.
How does the LLM call work without leaking data?
The LLM call is made from inside your environment to either your own LLM endpoint (recommended) or to the LLM provider of your choice via direct egress. The structured context Naboo returns includes only data the requesting user is permitted to see (permissions are checked at retrieval, not post-hoc).
Can we run Naboo air-gapped?
Yes. Naboo can operate without internet egress when paired with a local LLM (open-source model weights or a customer-hosted endpoint). Customers in defense, intelligence, and certain healthcare workloads deploy this way.
How is access to the Decision Graph controlled?
By the user identity making the query. The agent acts on behalf of an authenticated user, and the user's permissions in each source system (GitHub teams, Jira projects, Slack channels, etc.) are mirrored into the graph and enforced at every node traversal. Users only see what they would see if they queried each source system directly.
What's the incident-response process?
Customer environments are owned by the customer; Naboo does not have routine production access. For control-plane incidents (managed deployments, the Naboo cloud), we follow a documented incident-response process with disclosure within 72 hours and a full post-mortem within 14 days. The IR runbook is available under NDA.
Where is the security team based?
Naboo's security function is led by the CTO (Dror Wolmer). Pen-testing is contracted with an independent third-party firm. For sensitive deployments we operate under a signed mutual NDA with the customer's security team and align on a joint controls matrix before deployment.
Need the full security packet?
SOC 2 letter of engagement, controls matrix, latest pen-test summary, sample DPA / BAA, and the incident-response runbook are available under NDA. Email security@naboo.ai or book a 20-minute security review.