Security by design

Trust is part of every answer.

Engine 64 is designed for customer-facing AI, where visitor input, business content, integrations, and model output all cross important boundaries. Our approach keeps those boundaries explicit from ingestion to response.

Tenant boundaries

Your organisation and agents stay scoped

Product data is scoped to the owning organisation and, where applicable, the individual agent. Authenticated workflows validate membership or authorised support access before returning tenant-owned data.

  • Organisation-scoped product data
  • Agent-scoped knowledge and conversations
  • Role and membership checks
  • Tenant-boundary verification
Public widget

Publishable access without exposing ownership

Widget requests resolve their scope from a publishable key lookup, then verify agent ownership and allowed website domains. Secret material is not embedded in the public widget.

  • Hashed publishable key lookup
  • Allowed-domain enforcement
  • Agent ownership validation
  • Rate-limited public routes
AI and retrieval

Retrieved content is evidence, not instruction

Website pages, uploaded documents, and visitor messages are treated as untrusted input. The assistant is instructed to use retrieved content as evidence while preserving operator rules and refusing to follow conflicting instructions found inside that content.

  • Prompt-injection boundaries
  • Scoped corpus retrieval
  • Missing-evidence behaviour
  • Input and output moderation
Ingestion and outbound

Connections are constrained at both edges

Customer-configured URLs pass through SSRF controls, redirect checks, timeout handling, and destination policies. Outbound integration delivery uses guarded requests and provider-specific destination restrictions where available.

  • Private-network address blocking
  • Redirect and URL validation
  • HTTPS destination policies
  • Timeout and delivery records
Operations

Controls that fail deliberately

Production rate limiting uses a shared backend. Operational health checks, structured logs, error monitoring, audit records, and explicit rollout controls support safe changes without silently widening access.

  • Shared production rate limits
  • Structured observability
  • Explicit rollout controls
  • Documented incident workflows
Transparency

Clear policies and named sub-processors

Our privacy policy explains how personal information is handled, our terms set the service boundary, and our sub-processor page lists the providers used to deliver the platform. Security or procurement questions can be sent directly to our team.

  • Privacy policy
  • Terms of service
  • Sub-processor register
  • Direct security contact

Have a security question? Bring it to the people building the platform.

Tell us about your requirements and we will answer plainly, with the relevant technical or policy detail.