Security & trust

Built like infrastructure, not a feature.

You’re handing an operator the keys to your business, so the security is real: architected for isolation, ownership and auditability from day one, not patched in after launch.

The rule that matters most

The human approval gate.

Nothing goes outbound, nothing gets deployed, and nothing gets spent without a person saying go. Andy drafts, stages and proposes. A human approves. That gate sits in front of every action that leaves your machine, including:

You can see exactly what this looks like in practice on the how it works page: every outbound step waits for your approval before it runs.

The architecture

Eight controls, built in.

Isolation

One customer, one machine

Every customer runs on a dedicated, isolated cloud VM. No shared runtime, no shared database, no co-mingled prompts or files. Your Andy can’t see another customer’s data because it physically isn’t there. Tenants are separated at the infrastructure layer, not by a checkbox in a database.

That machine is where everything about your deployment lives: the memory, the files, the credentials, the rules. Isolation isn’t a security add-on. It is the architecture the whole product is built on.

See what runs on that machine
Secrets

Encrypted, vaulted credentials

Every integration token and key is stored vault-encrypted and scoped to your tenant. Secrets are never logged, never echoed, never shared across tenants.

Ownership

You own the brain

No single AI vendor can hold your operator hostage. We swap the underlying model without touching your data or your workflows.

Access control

Least privilege by default

Andy only gets the integrations you grant, with the scopes you approve. Outbound actions like sending mail are gated behind explicit confirmation.

Auditability

Every action is traceable

Actions run through a logged, observable layer. You can see what Andy did, when, and against which system. Built for trace replay and review, not a black box.

Data residency

Your data stays put

Memory, files and history live on your machine, under your control. Deployments can be placed in the region you need, with compliance controls layered in where required.

Resilience

Backed up and recoverable

Memory and configuration are versioned and recoverable. Updates are pull-based and roll back cleanly, so an update never costs you state.

No lock-in

Portable by design

Your configuration, rules and memory are yours, in open formats. The relationship is built on the work it does, not on trapping your data.

In plain language

What that means day to day.

Healthcare-grade where it counts. Andy Labs grew out of running a real healthcare company, where careless data handling isn’t an option. For businesses that touch regulated data, PHIPA and HIPAA-aligned controls are built into the deployment. You can see that company running on Andy today on the proof page.
Security FAQ

The hard questions, answered.

How is my data separated from other customers?

Every customer runs on a dedicated, isolated VM with its own memory, files and credentials. There is no shared database or shared runtime. Your Andy cannot access another customer’s data because that data isn’t on your machine.

Can Andy send or delete things on its own?

You set the boundaries. Outbound actions like sending email are gated behind your explicit confirmation, so Andy drafts and proposes but you approve. Andy won’t take irreversible actions without your sign-off and won’t touch systems you haven’t granted. Over time you loosen the leash on the things you trust.

Am I locked into one AI vendor?

No. The engine is model-agnostic. We route each task to the right model and can change models without touching your data or workflows. You own the configuration and memory.

More questions? The full FAQ lives on the get started page, and every one of them is fair game on the demo call.

Ask us the hard security questions on the demo call.

Book a demo