Trust & Security Architecture
1. AI Inference Request Flow and Data Boundaries
AI Request Scoping and Data Minimization. Each model request is constructed from (1) your prompt, (2) any explicitly attached files, and (3) only the subset of workspace memory retrieved for that request. Context inclusion is scoped to the active workspace and user permissions, and we avoid injecting unrelated historical data by default.
Controlled Egress to Model Providers. Requests to external AI models are routed through a controlled gateway layer that enforces policy (authentication, authorization, request scoping), applies consistent security headers, and centralizes access logging.
Data Isolation. Workspace data is logically isolated. Team memories are retrieved only when relevant to your specific query and are never shared across different organizations.
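One way to implement the scoping and isolation rules above, as an added example that is not Playgram's code: the `Memory` and `User` records, the `STORE` contents, and all function names are hypothetical, and keyword overlap stands in for vector search. The authorization filter runs before relevance matching, so out-of-scope memories are never candidates for a request.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Memory:
    org_id: str
    workspace_id: str
    scope: str       # "team", "project" or "personal"
    ref: str         # project id or owning user id; "" for team scope
    text: str

@dataclass(frozen=True)
class User:
    user_id: str
    org_id: str
    workspaces: frozenset
    projects: frozenset

# Constructed sample store (hypothetical data, not real workspace content).
STORE = [
    Memory("org-a", "ws-1", "team", "", "release checklist for the billing service"),
    Memory("org-a", "ws-1", "personal", "bob", "bob notes on rotating billing service credentials"),
    Memory("org-a", "ws-1", "project", "proj-x", "billing migration plan for proj-x"),
    Memory("org-b", "ws-1", "team", "", "billing forecast for org-b"),
    Memory("org-a", "ws-2", "team", "", "billing dashboard for ws-2"),
    Memory("org-a", "ws-1", "team", "", "holiday schedule"),
]

def visible(user, workspace_id, m):
    """Authorization check: organization, workspace, then memory scope."""
    if m.org_id != user.org_id or m.workspace_id != workspace_id:
        return False
    if m.scope == "team":
        return True
    if m.scope == "project":
        return m.ref in user.projects
    if m.scope == "personal":
        return m.ref == user.user_id
    return False  # unknown scope: fail closed

def relevant(prompt, m):
    # Keyword overlap stands in for vector similarity search (assumption).
    return bool(set(prompt.lower().split()) & set(m.text.lower().split()))

def build_request(user, workspace_id, prompt, attachments, store=STORE):
    if workspace_id not in user.workspaces:
        raise PermissionError("not a member of this workspace")
    # Authorize first, then match: unauthorized memories are never scored.
    context = [m.text for m in store if visible(user, workspace_id, m) and relevant(prompt, m)]
    return {"prompt": prompt, "attachments": list(attachments), "context": context}
```

The org-b record reuses the workspace id `ws-1` on purpose: matching on workspace id alone would leak it, which is why the organization check comes first.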
2. Cloud-Native Infrastructure
Managed Cloud Environment. Playgram runs on managed cloud services and does not operate physical servers. We rely on providers with mature security programs, including SOC 2 Type II and ISO 27001 where applicable, to support availability and physical security.
Encryption in Transit. All data transmission (between your browser, our application logic, and the AI providers) is encrypted using standard HTTPS (TLS 1.2+) protocols.
Access Control. Access to your workspace data is governed by strict application-level logic, ensuring only authenticated users within your organization can retrieve stored memories.
3. Data Retention & Control
Active Workspaces. We retain your Team, Project, and Personal context indefinitely for paid workspaces in good standing, ensuring your "Infinite Memory" remains available.
User Right-to-Delete. You maintain full control. You can delete specific conversation threads or memory contexts at any time. Deleted items are removed from active retrieval and indexing.
Inactive Workspace Policy. To maintain security and performance, free workspaces that are inactive for over 30 days are subject to data deletion.
4. Verified Sub-processors
| Provider | Function | Security Standard |
|---|---|---|
| Bubble.io | Application Hosting & Database | SOC 2 Type II Compliant |
| DigitalOcean | Cloud Infrastructure | SOC 2 Type II, ISO 27001 |
| Weaviate | Vector Database (Memory Storage) | SOC 2 Type II (Cloud) |
| Supabase | System Logging & Audit Trails | SOC 2 Type II; HIPAA eligible (BAA available) |
5. Security Testing
Vulnerability Assessments. We conduct periodic security assessments and penetration tests involving trusted security researchers to identify and remediate potential risks.
Rapid Patch Management. By utilizing managed infrastructure, we rely on managed service providers for underlying platform and infrastructure patching, and we prioritize application-level security fixes based on severity and exploitability.
6. Incident Response & Notification
Status Monitoring. We continuously maintain internal observability across core services and upstream dependencies using metrics, logs, and alerting to detect, triage, and remediate reliability incidents.
Forensic Logging. We use Supabase to maintain centralized audit logs of critical system actions and API usage, supporting investigations with timestamped event records and controlled access.
Data Breach Notification. In the event of a confirmed security breach involving the accidental disclosure or unauthorized access of Memory Data, Playgram is committed to notifying affected workspace administrators without undue delay after confirmation.
Mitigation Strategy. Because our architecture is modular, we can rapidly isolate affected components (e.g., disabling a specific AI provider or pausing MCP connections) to contain potential threats without taking the entire platform offline.