Your data security is non-negotiable. Here's exactly how Conexor protects it.
Your data stays in your network. The Conexor agent runs inside your infrastructure and connects outbound only — no inbound ports, no VPN tunnels, no exposed endpoints. Query results flow through the agent; your database is never directly accessible from the internet.
Learn about on-premise deployment →All database connection strings are encrypted at rest using AES-256-GCM with keys derived via PBKDF2 (100,000 iterations). Credentials are encrypted before they leave your browser — our servers only ever store ciphertext. Credentials are never logged, never cached, never written to disk in plaintext.
See how encryption works →AI can read your data, never write or delete it. Every query is validated at the protocol level to ensure only SELECT statements are executed. This enforcement is per-datasource and cannot be bypassed by prompt injection or adversarial queries.
Read about SELECT-only enforcement →Every AI query is logged with an immutable audit trail: timestamp, authenticated user, AI model, query template hash, parameter count, row count, and execution time. Logs are append-only and exportable to CSV or your SIEM. Built for SOC 2 and HIPAA compliance workflows.
Explore audit logging →No implicit trust at any layer. Every request is authenticated with scoped API keys, every query is authorized against per-datasource permissions, and every response is logged. The agent authenticates to the cloud with short-lived tokens — there are no persistent sessions or ambient credentials.
Our architecture is designed for compliance from day one. Immutable audit logs, encrypted credentials, scoped access controls, and data residency options are all built into the core platform — not bolted on as afterthoughts. SOC 2 Type II and HIPAA certifications are on our roadmap.
If you discover a security vulnerability in Conexor, we appreciate your help in disclosing it responsibly. Please report security issues to [email protected]. We will acknowledge receipt within 24 hours and work with you to understand and address the issue before any public disclosure.