Overview
How EgoX protects your data, your credentials, and your integration.
Security is a product property at EgoX, not an afterthought. This section explains what EgoX does on its side to keep your project, its data, and its integrations safe — and points to the policies that put it in writing.
Shared responsibility
EgoX secures the platform; you secure your account. Your two jobs: keep your API keys and MCP tokens secret, and verify webhook signatures on your tool endpoints (see Integrating securely with the SDK).
In this section
How we store your data
Tenant isolation, EU data residency, encryption in transit, and what lives where.
Your provider key (BYOK)
How your LLM provider API key is encrypted, used, and never brokered.
Integrating securely with the SDK
API-key auth, signed webhooks, and safe header forwarding.
Legal & compliance
Terms, Acceptable Use, Privacy, Subprocessors, and the DPA — on egox.io/legal.
The foundations
These guarantees underpin everything in the pages above.
Tenant isolation
Isolation between projects is enforced at the data layer, not just the UI. Every persisted row, every read, and every cache key is scoped by tenant — there is no "global" data path that bypasses tenancy, so one project can never read or write another's config, tools, knowledge, or conversations.
Credentials
| Credential | Where it's used | How it's protected |
|---|---|---|
API key (egox_live_… / egox_test_…) | Your backend → /egox/ask | Sent as X-API-Key; scoped to one project; rotatable and revocable. |
| Access tokens | Console / API sessions | Generate, list, extend, and revoke on demand. |
MCP token (egox_mcp_…) | Agents → the MCP server | Scoped per-project and per-permission; revocable from the Console. |
| Your provider key (BYOK) | EgoX → your model provider | Encrypted at rest (AES-256-GCM). Details → |
MCP access control
The MCP server that lets agents manage your tools and knowledge holds
zero secrets — it forwards the connection's token to EgoX, and all
authentication, scope checks, and audit happen on the backend. Token scopes
(tools:read, tools:write, rag:read, rag:write) are enforced server-side, every
connection is revocable, and agent-created content lands as a reviewable draft
(source = 'mcp').
Reliability & abuse protection
Critical guarantees layer multiple independent backstops, so no single failure can take the system down:
- Tool-call storm protection — dedup, a per-tool call cap, error classification, bounded transient retries, and an iteration cap stop runaway loops.
- Rate limits on the public API.
- Prompt-injection and RAG safety rails around retrieved content and model output.
- Locked vocabularies — fields with a finite value set are enforced by database
CHECKconstraints, so invalid state can't be written.
Observability & audit
Every meaningful runtime event surfaces as a metric, an audit row, or an operator signal — security-relevant activity is never invisible. Thread auditing in the Console gives a read-only, turn-by-turn view of every conversation, and usage analytics make anomalous traffic easy to spot.
Reporting a vulnerability
Found a security issue? Please report it privately to security@egox.io rather than filing a public issue. We investigate every report and will acknowledge receipt.