Your data never leaves your network.
Sector88 runs on your hardware, inside your perimeter. Zero egress by default on paid tiers. No prompts, completions, or model content ever transmitted to us.
Last updated: April 2026
[ Data security ]
What ships today.
Shipped features, not promises. This is how the platform works today.
Zero Egress
Pro and Enterprise make no outbound calls. No phone-home, no telemetry, no content collection. Licence validation is optional and runs fully offline. Your prompts, completions, model weights, and audit logs stay on the hardware you installed on.
Air-Gapped Install
Deploy from an internal registry, local mirror, or offline media. No internet dependency at any stage. Licences validated fully offline. Models loaded from local storage you control. The same install path supports classified facilities, SCIFs, and disconnected field sites.
Encryption
All API traffic encrypted with TLS 1.3. Data at rest encrypted using platform-native encryption on your infrastructure. Secrets managed through environment variables or your existing secrets manager. No keys stored by Sector88.
Audit Logging
Every administrative action is logged with user, timestamp, and action type. Prompt and response content is never captured. Logs are stored on your infrastructure, exportable in standard formats for your security team.
[ Access Control ]
Identity and access.
Single Sign-On
Hub supports SAML and OIDC. Use Okta, Azure AD, Google Workspace, or any compliant identity provider. Access delegated to your central identity management solution.
Role-Based Access
Hub roles map to your IdP groups. Administrators, operators, and viewers have distinct permission boundaries. Least-privilege defaults on every new role.
API Security
API key authentication, IP-based rate limiting, and brute-force detection on Pro and Enterprise. Prompt-free audit logs for every request. OpenAI-compatible endpoint hardened for production use.
[ Application Security ]
How we build software.
Secure SDLC
Code review required on every change. Static analysis and dependency vulnerability scanning in CI. Secure coding guidelines established and followed across the engineering team.
Supply Chain
All dependencies pinned to exact versions. Automated vulnerability scanning on every build. Software bill of materials (SBOM) available on request for enterprise customers.
Patch Management
Critical vulnerabilities patched and released within documented SLAs. Version notifications available through Hub for fleet-wide awareness. Customers control their own update schedule.
[ Telemetry ]
Exactly what Community sends.
Community Edition sends one anonymous heartbeat on first run and every 24 hours. The full schema is published below. Paid tiers send nothing.
Set S88_TELEMETRY=off to disable completely.
| Field | Example |
|---|---|
| install_id | UUID v4 |
| version | "0.7.1" |
| os | "linux" |
| arch | "x86_64" |
| gpu_family | "cuda" |
| ram_bucket | "16-64gb" |
| backend | "llama.cpp" |
| timestamp | ISO 8601 |
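A check that could run against a heartbeat captured at an egress proxy, to confirm it carries only the fields in the table above. This is an added example, not Sector88 code: it assumes the heartbeat body is a JSON object (the page does not state the wire format), and the sample payloads are constructed.

```python
import json
import uuid
from datetime import datetime

# Field names come from the published schema table; JSON encoding is an assumption.
PUBLISHED_FIELDS = {"install_id", "version", "os", "arch",
                    "gpu_family", "ram_bucket", "backend", "timestamp"}

def _is_uuid4(value):
    try:
        return uuid.UUID(value).version == 4
    except (ValueError, AttributeError, TypeError):
        return False

def _is_iso8601(value):
    # fromisoformat accepts the common ISO 8601 forms; "Z" is normalised for older Pythons.
    try:
        datetime.fromisoformat(value.replace("Z", "+00:00"))
        return True
    except (ValueError, AttributeError, TypeError):
        return False

def audit_heartbeat(raw_body):
    """Return a list of findings; an empty list means the body matches the schema."""
    try:
        doc = json.loads(raw_body)
    except json.JSONDecodeError:
        return ["body is not valid JSON"]
    if not isinstance(doc, dict):
        return ["body is not a JSON object"]
    # Anything outside the published list is the finding a reviewer cares about most.
    findings = [f"unpublished field: {k}" for k in sorted(set(doc) - PUBLISHED_FIELDS)]
    findings += [f"missing field: {k}" for k in sorted(PUBLISHED_FIELDS - set(doc))]
    for key in sorted(PUBLISHED_FIELDS & set(doc)):
        if not isinstance(doc[key], str):
            findings.append(f"non-string value: {key}")
    if "install_id" in doc and not _is_uuid4(doc["install_id"]):
        findings.append("install_id is not a UUID v4")
    if "timestamp" in doc and not _is_iso8601(doc["timestamp"]):
        findings.append("timestamp is not ISO 8601")
    return findings

# Constructed sample payloads (not captured from a real install).
CLEAN = json.dumps({"install_id": "3f2b8c1e-9d4a-4c7b-8e21-5a6f0b9d1c34",
                    "version": "0.7.1", "os": "linux", "arch": "x86_64",
                    "gpu_family": "cuda", "ram_bucket": "16-64gb",
                    "backend": "llama.cpp", "timestamp": "2026-04-01T12:00:00Z"})
LEAKY = json.dumps({**json.loads(CLEAN), "hostname": "build-01",
                    "install_id": "not-a-uuid"})
```

`audit_heartbeat(CLEAN)` returns an empty list, while `audit_heartbeat(LEAKY)` reports the extra `hostname` field and the malformed `install_id`.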
[ Compliance ]
Compliance roadmap.
Active engagements with current status. Contact us for the latest reports and documentation.
SOC 2 Type II
In progress. Controls in place, audit engagement starting. Contact us for a pre-audit summary of controls.
ISO 27001
In progress. ISMS scoped and gap analysis underway. Targeting certification within 12 months.
CISA Secure by Design
In progress. Engineering practices aligned with the CISA Secure by Design pledge. Formal sign-on in progress.
CSA STAR Level 1
In progress. Consensus Assessments Initiative Questionnaire (CAIQ) drafted. Self-assessment submission planned.
[ Disclosure ]
Report a vulnerability.
If you believe you have found a security issue in Sector88 Runtime, Hub, or the website, we want to hear from you. Include a description, reproduction steps, affected version, and any proof-of-concept material.
Contact
Response Time
We acknowledge reports within 2 business days and work with you to validate and resolve the issue.
Coordinated Disclosure
We request 90 days from initial report before public disclosure. We will keep you informed of remediation progress throughout.
Safe Harbour
Good-faith security research conducted under this policy is authorized and will not be pursued legally. We will not initiate or support legal action against researchers who comply with this disclosure policy.
See also: security.txt
Questions about security?
Our engineering team can walk through the architecture, answer questionnaires, or discuss your compliance requirements.