Home Data & Security Data and security: how your information is protected

Data and security: how your information is protected

Last updated on May 30, 2026

AOS runs inside founder-led companies, so data handling is built in from the start, not bolted on. The core principle is simple: customer data, secrets, and production access are walled off by default, and the five approval points are the only places they cross.

What is walled off by default

  • Customer data. Identifiable customer information stays inside your workspace. Any move that would put it outside (a vendor integration, an export, a third-party share, or an AI training opt-in) triggers an approval point and waits for you.
  • Secrets and keys. Credentials are not handed around freely. Integrations are granted deliberately, and the Security & Infra department can inventory keys, set a rotation schedule, and revoke stale or over-scoped ones.
  • Production access. Code deploys, infrastructure changes, billing rules, and security policy are all production-touching changes. AOS drafts and reviews every one; you flip the switch.

We do not train on your data

AOS does not retrain models on your data. An AI training opt-in is itself one of the gated "customer data leaving the boundary" decisions, so it cannot happen silently.

The evidence trail and audit-trail protection

Every artifact, draft, decision, and reviewer is captured in the evidence trail. Editing a logged decision or deleting evidence after the fact is the fifth approval point (rare, and the most important when it fires) so your audit history cannot be quietly rewritten.

Security as a standing department

Security & Infra is one of the eight departments, not an afterthought. It maintains the threat model and risk register, maps where PII lands, reviews access, triages CVEs in your dependencies, and keeps the evidence trail an auditor would ask for. Every artifact any department produces is also scanned by security as the fourth step of the review loop.

Compliance posture

AOS is built by Workforce AI Corp, which maintains a SOC 2 report available under NDA. If you need to answer a security questionnaire, the PII flow map and access reviews turn it into a copy job rather than a fire drill. For full details see the privacy policy and security posture pages on installaos.com.