Security

Built for sensitive business data and governed AI analysis.

Permute connects to financial, operational, customer, and document systems, then lets agents analyze that data on behalf of business teams. Security is designed around that reality: isolated workspaces, protected credentials, zero-trust sharing controls, traceable outputs, and procurement-ready controls.

Zero-trust sharing, built in

Permissions follow the data and the work.

Every source, dashboard, report, artifact, reconciled output, and agent-generated answer is governed by explicit access checks when it is opened, shared, or reused.

Security review

The core questions procurement teams ask.

Access and isolation

Workspace boundaries, authenticated users, scoped API paths, and built-in zero-trust permissioning for shared work.

Data protection

Encryption, credential handling, warehouse storage, generated artifacts, and customer-specific data retention needs.

AI governance

How agents retrieve context, run queries, exchange data with model infrastructure, cite evidence, and keep analysis reviewable by humans.

Posture

Controls that match how Permute handles data.

Permute is not a generic chatbot over uploads. It connects to systems of record, builds an analytical data layer, runs agents and SQL over scoped context, and produces reviewable business outputs. The control surface follows that flow, with permission checks built into how work is shared.

Encryption by default

Customer data is protected in transit and at rest across the application, warehouse, file storage, and credential storage layers.

Workspace isolation

Permute treats the workspace as the primary security boundary so datasets, generated outputs, search indexes, and agent context stay scoped to the right customer.

Zero-trust sharing

Built-in permissioning controls sharing across sources, dashboards, reports, artifacts, reconciled outputs, and agent answers. Access is explicitly granted and checked when work is opened.

Credential protection

Connector credentials are encrypted, access is limited by least privilege, and sensitive provider payloads are separated from user-facing analysis outputs.

Role-based access

Access to sources, reports, and workspace resources is governed through authenticated users, workspace membership, and scoped API paths.

Audit-ready activity

Platform activity is logged around major request, queue, and processing boundaries so security reviews can trace what happened and where.

Traceable AI outputs

Permute is built for evidence-backed analysis, not opaque chat. Answers and reports are grounded in connected sources, query results, and cited context.

Reliable processing

Long-running syncs, agent jobs, and report generation use queue-based processing with failure handling instead of fragile browser or notebook workflows.

Retention and deletion paths

Data lifecycle controls are designed around customer workspaces, connected sources, generated artifacts, and warehouse documents.

Product security model

Security follows the data path.

The most important controls sit where customer data enters, where it is transformed, where agents use it, and where outputs are delivered back to teams.

  01. Connectors: Finance, CRM, docs, warehouse, and operational systems
  02. Workspace data layer: Isolated storage, schemas, warehouse tables, and search indexes
  03. Agent runtime: Scoped context, validated tools, traceable SQL, and evidence retrieval
  04. Governed outputs: Dashboards, reports, reconciled entities, exports, and reviewable findings

AI data handling

How customer data reaches the AI runtime.

Permute's back-end AI path is built around scoped context, customer-authorized connectors, Bedrock-hosted model infrastructure, and reviewable outputs. See the Data Processing Agreement for subprocessor coverage for Amazon Web Services and Bedrock-hosted model infrastructure. Security reports and control evidence are distributed under NDA as completed and applicable.

Scoped model context

Agents assemble prompts from the user request, authorized workspace context, query results, retrieved evidence, and tool outputs needed for the task. They do not receive an entire customer workspace by default.

Bedrock-hosted inference

Foundation model calls are routed through Amazon Bedrock-hosted model infrastructure for requested Service features, with Bedrock inference profiles used for controlled runtime routing and observability.

Customer-controlled data exchange

Connected integrations are selected and authorized by the customer. Connector access is limited to the credentials, scopes, and source data needed to provide the requested analysis, sync, dashboard, report, or automation.

Reviewable agent work

Agent outputs are designed around traceable SQL, retrieved evidence, generated artifacts, logs, and processing boundaries so customer security teams can review what data supported an answer or report.

Audit and reports

Independent security review and customer diligence.

Permute uses Mycroft as its security and compliance platform for internal control management, evidence workflows, and audit readiness, and works with an independent auditor on SOC 2, HIPAA, and GDPR-aligned control review. As reports, attestations, and supporting security materials are completed and applicable to a customer review, we provide them under NDA or equivalent confidentiality controls.

  • Mycroft security and compliance platform for internal control management and evidence workflows
  • Independent auditor-led SOC 2, HIPAA, and GDPR control review
  • Security reports, attestations, and control evidence as completed and applicable
  • Confidential distribution under NDA or equivalent confidentiality controls
  • Customer-specific security questionnaires and architecture walkthroughs

Team

Built by people who have secured real operating systems.

Security and data platform engineering

One founder spent four years in cybersecurity at an anti-phishing and impersonation startup acquired by Mimecast, then a decade building data and ML platforms and securing sensitive data systems.

Government, space, and finance operations

The other founder served as COO in space technology working with government and satellite systems, and previously engineered financial data warehouse systems at Mesirow and Morgan Stanley.

Security review

Bring us into your security process early.

We can walk through architecture, data handling, control status, and customer-specific requirements with your security, legal, and procurement teams.

  • Zero-trust permissioning and sharing controls
  • Security questionnaires and procurement review
  • Architecture and data-flow walkthroughs
  • Security and privacy requirements review
  • Customer-specific data handling and retention review