Sign up Open dashboard

Last updated: May 18, 2026

Security

Security is the reason customers pick a managed AI stack over rolling their own. Here is how we protect your data and what to do if you spot a problem.

Workspace isolation

Every customer runs in a dedicated, fully isolated workspace with its own network and storage. LiteLLM, n8n, and Open WebUI never share state across workspaces. A workspace's credentials cannot reach another workspace's API.

Encryption

  • In transit: all connections use TLS 1.2+ with modern cipher suites. HSTS is enabled across our domains.
  • At rest: workspace volumes and database snapshots are encrypted with AES-256.
  • Secrets: API keys and webhook secrets are stored in a managed secret store and injected into Workers at runtime; they never land in source control.

Authentication and access

  • User identity is handled by Clerk. You can require MFA for your organization from the dashboard.
  • Internal access to production is gated by SSO with hardware-backed MFA and limited to a small on-call group.

Backups and recovery

On plans that include backups, workspace data is snapshotted daily and retained for 7 days (Pro) or 15 days (Max); the Plus plan does not include backups. Backups are encrypted and stored in a separate region from the primary workspace. Our target recovery objectives are RTO 4 hours and RPO 24 hours.

Patching and updates

We track upstream releases of LiteLLM, n8n, and Open WebUI and rebuild images on a regular cadence. Critical CVEs are patched within 72 hours of public disclosure; routine updates roll out during a maintenance window announced in the dashboard.

Monitoring

We log application errors, request rates, and workspace-level health metrics, and we alert on-call when anything strays from baseline. We do not log the content of your prompts, n8n workflow data, or chats.

Sub-processors

See the privacy policy for the current list of sub-processors and their roles.

Vulnerability disclosure

If you believe you have found a security vulnerability, email security@evensys.ai. Please include reproduction steps and the affected URL or workspace ID.

We commit to:

  • Acknowledge your report within 48 hours.
  • Provide a triage decision within 5 business days.
  • Not pursue legal action against good-faith researchers who follow responsible disclosure: do not access another workspace's data, do not degrade the service, and give us a reasonable window to fix the issue before publishing.

Reporting an incident

If you suspect your account has been compromised, rotate your password and active tokens immediately, then email security@evensys.ai. We will investigate, contain, and — where required by law — notify affected customers within 72 hours.