A Data Agent that doesn't ask you to trust it.

Tablize is built so the security-conscious version of you stays in control: your data, your keys, your decisions. The agent's job is to help you analyze — not to acquire access it doesn't need.

Core principles

Your data stays in your workspace

Every Tablize workspace is a dedicated machine with its own PostgreSQL instance, its own S3 storage, its own MQTT broker. Workspaces never share storage. Your data isn't commingled with anyone else's, including ours.

You can self-host

The Tablize runtime is open source. From Pro tier upward, you can run the entire platform on your own infrastructure: your servers, your VPC, and data that never leaves your perimeter. The cloud and self-hosted versions ship the same binary.

You bring your own LLM key (or use ours)

You can supply your own Anthropic, OpenAI, or other provider API key. The agent will route through your account; your prompts and your data never touch our pooled LLM credits. If you use the Tablize-managed LLM pool, prompts and responses pass through our LLM router but are not retained beyond the request.

Read-only by default for connected databases

When you connect a Postgres or MySQL database to Tablize, the recommended configuration uses a read-only role. The agent reads, queries, analyzes — but cannot modify or drop. Write access is explicitly opt-in per database, with all writes routed through the Confirmation Center for human approval.
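One way to provision such a read-only role on the PostgreSQL side before connecting it (an added example, not Tablize's own configuration). The names `tablize_ro`, `analytics`, `public` and `app_owner` are assumptions; substitute your own.

```sql
-- Assumed names: database "analytics", schema "public",
-- table-owning role "app_owner", agent role "tablize_ro".

-- Login role with no administrative attributes and a small connection cap.
CREATE ROLE tablize_ro LOGIN
  PASSWORD 'REPLACE_WITH_GENERATED_SECRET'   -- placeholder, not a real value
  NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION
  CONNECTION LIMIT 5;

-- On PostgreSQL 14 and earlier, every role can create objects in "public"
-- through the PUBLIC pseudo-role. This revoke affects all roles, so re-grant
-- CREATE to the roles that legitimately need it.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- The actual security boundary: connect, see the schema, read the tables.
GRANT CONNECT ON DATABASE analytics TO tablize_ro;
GRANT USAGE   ON SCHEMA public      TO tablize_ro;
GRANT SELECT  ON ALL TABLES IN SCHEMA public TO tablize_ro;

-- GRANT ... ON ALL TABLES only covers tables that exist now. Cover tables
-- that app_owner creates later, so nobody is tempted to widen the grant.
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner IN SCHEMA public
  GRANT SELECT ON TABLES TO tablize_ro;

-- Guard rails, not boundaries: a session can override these with SET,
-- so they catch mistakes while the grants above do the enforcing.
ALTER ROLE tablize_ro SET default_transaction_read_only = on;
ALTER ROLE tablize_ro SET statement_timeout = '30s';
ALTER ROLE tablize_ro SET idle_in_transaction_session_timeout = '60s';

-- Verification, run as the table owner or a superuser.
-- Expect zero rows: any row is a privilege beyond SELECT.
SELECT table_schema, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee = 'tablize_ro'
  AND privilege_type <> 'SELECT';

-- Expect false for each: the role must not be able to write or create.
SELECT has_schema_privilege('tablize_ro', 'public', 'CREATE') AS can_create,
       has_database_privilege('tablize_ro', 'analytics', 'CREATE') AS can_create_schema;
```

Restricting the grant to a dedicated reporting schema or to views, rather than all of `public`, further limits what the agent can read.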

How we handle data

In transit
All traffic to tablize.com, app.tablize.com, and per-workspace machines uses TLS 1.3. HSTS is enforced. MQTT connections to your broker use TLS by default (port 8883).
At rest
Workspace PostgreSQL and MinIO storage volumes are encrypted at rest on Fly.io infrastructure. Self-hosted deployments inherit your storage encryption setup.
OAuth credentials
Third-party integration credentials (Shopify, Stripe, HubSpot, etc.) are stored in a credential vault using libsodium sealed boxes. Even Tablize operators cannot read them.
Backups
Managed workspaces are snapshotted nightly with 7-day retention. Self-hosted users own their own backup strategy.
Free tier ephemerality
Free workspaces run in ephemeral pods. Uploaded data is analyzed in-memory and discarded when the session ends. No persistence.

Operational controls

Authentication
Email + password for workspace accounts. SSO (SAML / OIDC) on the Max and Enterprise tiers.
Role-based access control
Workspace roles: owner, admin, member. Members can chat with the agent; viewers can see saved Reports and Dashboards but cannot consume agent compute. Sensitive operations route through the Confirmation Center.
Audit logging
Pro tier and above keep an audit log of all sensitive operations: integration connects, credential changes, role changes, data exports, public share-link creation. Logs are exportable on Max / Enterprise.
Public share links
Dashboards can be shared via public link only when explicitly published. Public links are revocable. Optional passcode protection and email-domain allowlists are available.
Confirmation Center
Any write or destructive action proposed by the agent is staged in the Confirmation Center for human approval. There is no path by which a user prompt can directly mutate production data without an approval step.

Compliance status

Tablize is in a deliberate early stage and we're honest about what that means: we don't yet hold SOC 2 Type II or ISO 27001 certifications. We are building toward SOC 2 readiness through Drata-style controls (access reviews, change-management policies, vendor reviews), with an audit window planned. For regulated industries today, the self-hosted option is usually the right fit — you inherit your own compliance posture.

Reporting a vulnerability

We take security reports seriously. Email security@tablize.com with details. We commit to acknowledging your report within 48 hours and treating researchers operating in good faith with safe harbor.

Questions we haven't answered here

Different teams care about different specifics. If your security review needs detail not covered above — penetration test results, DPA, sub-processor list, specific control documentation — email security@tablize.com and we'll respond.

Self-host Tablize

For the strictest data sovereignty requirements, run Tablize on your own infrastructure. The same binary, your servers, your network perimeter.
