Your research, your data.
Security primitives mirror the commitments on the landing page — with explicit notes on how BYOK and shared infrastructure interact.
Server-side model calls
API keys never reach your browser. Every model call is mediated by ResearchOne's backend, so prompts, attachments, and retrieval context stay inside the API trust boundary rather than leaking to client-side bundles or extensions.
Per-user isolation
Row-level security enforces strict access boundaries between accounts on shared infrastructure. Queries respect tenant context so one user cannot read another's corpus, runs, or exports — even when workloads share the same cluster.
Encrypted secrets
BYOK keys are encrypted at rest with per-user keys. They are never logged and never displayed back in plaintext after capture — operators rotate through the vault UI instead of copying secrets into tickets.
Export and delete
Your reports, corpus, and revisions can be exported or deleted from account settings. Deletion flows cascade to dependent artifacts where the schema allows, and audit logs record administrative actions for enterprise tiers.