Security & Compliance

Angus Intelligence is designed to provide a secure, privacy-preserving environment for cloud-based analytical workflows.

Effective Date: December 8, 2025

This Security & Compliance Statement describes how data is processed, protected, and managed within the system. It does not modify the Terms of Service or Privacy Policy, but provides transparency into how the platform operates.

1. Data Processing & Storage

1.1 User-Controlled Data Handling

Documents, text, and files uploaded into Angus Intelligence are processed for the duration of the user's session. The platform does not retain user data beyond what the user saves to their workspace.

Users have full control over:

  • Uploading files
  • Removing files
  • Saving or deleting extracted content
  • Exporting drafts

1.2 No Training on User Data

Angus Intelligence does not use user inputs, outputs, or stored materials to train or improve machine learning models. Third-party model providers (e.g., OpenAI) also do not use API-submitted data for training.

2. Encryption & Transmission Security

2.1 Encryption in Transit

All communications between the user's browser, the Angus Intelligence server, and third-party APIs are encrypted via HTTPS/TLS.

2.2 API Request Security

Model calls to OpenAI or other providers use encrypted channels and user-controlled API keys.

3. Access Controls

3.1 Account Authentication

Each user account is secured through password-protected login credentials. Authentication is handled through industry-standard encryption and session management.

3.2 API Key Control

Users supply and manage their own model API keys within Settings. Keys are stored securely and never exposed in client-side logs or displayed once entered.

4. Operational Security

4.1 Frontend + Backend Isolation

The platform architecture separates the web interface (Next.js frontend) from the processing environment (FastAPI backend), reducing exposure and limiting attack surface.

4.2 No Direct External Access to Internal Services

Backend services are not directly accessible from the public internet except through authenticated routes. Only approved endpoints are exposed.

5. Third-Party Providers

Angus Intelligence uses third-party providers for secure hosting, payment processing, and model inference. These providers maintain their own compliance and security certifications (e.g., SOC 2, PCI, ISO 27001).

Examples include:

  • Stripe — payment processing (PCI compliant)
  • OpenAI — model inference (SOC 2)
  • Hosting platform (e.g., Vercel, Render, or your cloud host)

Users may review third-party security documentation independently for additional assurance.

6. User Responsibility

Users are responsible for:

  • Maintaining the confidentiality of their account credentials
  • Ensuring they have legal rights to upload materials
  • Complying with the Acceptable Use Policy
  • Verifying outputs before use in any professional context

7. Incident Response

If a security concern or suspected incident arises, users may contact:

security@angus-intelligence.com

Each report is reviewed promptly, and steps are taken to evaluate and mitigate risk.

8. Service Availability

Angus Intelligence uses commercially reasonable efforts to maintain reliable uptime and provide scheduled maintenance windows. Unexpected outages do not entitle users to refunds but are addressed as promptly as possible.

9. Future Enhancements (Angus Station)

Future versions may allow optional intranet or offline processing ("Angus Station"). When available, those deployments will include an updated, separate Security Statement tailored to on-premise use.