Security & Privacy
ekai is designed with enterprise security requirements in mind. This document answers common questions about data protection, AI model usage, and privacy guarantees.
AI Models & Deployment Options
ekai uses different AI models depending on your deployment type:
| Deployment | LLM Models | Embedding Models |
|---|---|---|
| beta.ekai.ai (Multi-tenant SaaS) | Claude Sonnet 4.6, Gemini 3.1 Pro, GPT-5 mini | OpenAI text-embedding-3-large |
| Enterprise - Your Own Cloud (AWS) | AWS Bedrock Claude Sonnet 4.6, AWS Bedrock Claude Haiku 4.6 | Amazon Titan Text Embeddings V2 |
| Snowflake Native App | All Snowflake Cortex LLMs, Claude Sonnet 4.6, Claude Haiku 4.6 | Snowflake Arctic Embed m-v1.5 |
For enterprise deployments, we use only AWS Bedrock and Snowflake Cortex LLMs, which operate within your own AWS/Snowflake accounts with their native data privacy guarantees.
In Snowflake Native App deployment, everything must be in your enterprise-owned Snowflake account.
We plan to extend this approach to Azure and GCP deployments.
Data Usage & AI Model Training
Your Data is Never Used for Training
Your data is never used to train, fine-tune, or improve any AI (LLM) models.
ekai does not train, fine-tune, or develop any AI models. We are consumers of pre-trained foundation models provided by Anthropic, OpenAI, Google, and Snowflake Cortex, accessed via APIs or managed services (AWS Bedrock, Snowflake Cortex).
Your data is used solely for inference (generating outputs).
What We Store for Your ekai App
When you review and approve Entity Relationship Diagrams (ERDs), we store that feedback as context to improve the quality of subsequent ERD generations for your environment.
This is prompt context, not model training — the underlying AI models remain unchanged.
This review history is isolated to your ekai deployment and is never shared across customers or used outside your environment.
Data We Persist
The only data we persist:
- Metadata extracted from your data warehouse (schemas, table structures, column statistics)
- Your review feedback on generated ERDs (to improve future outputs within your deployment)
In Snowflake Native App or your own cloud infrastructure deployments, even this data stays in your control. Neither of these are used for any model training.
Data Isolation
Is Your Data Isolated from Other Customers?
Yes, completely. Isolation guarantees depend on your deployment type:
Enterprise Own Cloud (AWS)
ekai deploys entirely within your AWS account. Your data, metadata, and all AI inference calls stay within your VPC. There is no shared infrastructure with other customers — you own the entire stack.
Snowflake Native App
The application runs within your Snowflake account using Snowflake Container Services. Data never leaves your Snowflake environment. Each customer installation is a separate, isolated instance.
beta.ekai.ai (Multi-tenant SaaS)
This is our shared demo/evaluation environment. Customer data is logically separated at the application layer, but infrastructure is shared.
GDPR Compliance
How ekai Handles Personal Data
ekai's architecture is designed to minimize personal data exposure by default, and our platform includes built-in capabilities to support your GDPR compliance obligations.
What ekai Accesses from Your Data Warehouse
| Data Type | Accessed | Details |
|---|---|---|
| Database metadata | ✅ Yes | Schema definitions, table structures, column names, data types |
| Statistical profiles | ✅ Aggregated only | Null ratios, value distributions (aggregated, not row-level) |
| Row-level data | ✅ Accessed | Row-level data is accessed for profiling but not extracted or stored |
Optional Analytical Reports Feature
ekai offers an optional "analytical reports" feature. You have full control over granularity levels, and when analysis approaches PII-adjacent fields, you can configure ekai to skip those columns entirely or apply masking/pseudonymization before processing.
This feature is off by default — you decide if and how it's enabled.
GDPR Rights Support for ekai Platform Users
ekai maintains a relational data model for platform users, which enables full GDPR compliance:
| GDPR Right | How ekai Supports It |
|---|---|
| Right to Access | All user data (name, email, phone, activity) is visible in the User Management UI. Data Subject Access Requests can be fulfilled directly from the platform. |
| Right to Erasure | User offboarding removes all associated PII from the system. Complete deletion, not just deactivation. |
| Right to Rectification | Users and admins can update personal information directly through the UI. |
| Data Minimization | We collect only what's necessary: name, email, phone for user identity and communication. |
| Accountability | User activity and access logs are maintained for audit purposes. |
Deployment-Specific GDPR Considerations
-
Enterprise Own Cloud (AWS, Snowflake Native): All processing occurs within your infrastructure. ekai never transfers data outside your environment; you remain the data controller. GDPR obligations integrate with your existing governance framework.
-
beta.ekai.ai (Multi-tenant SaaS): Suitable for evaluation and testing. For production workloads involving EU personal data, enterprise deployment provides stronger isolation and control aligned with GDPR data residency requirements.
Data Ownership
What Rights Does ekai Take Regarding Your Data?
None. You retain full ownership of your data at all times.
Your Data Warehouse Data
ekai does not retain any of your actual data warehouse data. We process metadata to generate outputs; nothing is stored or transmitted outside your environment.
Generated Outputs
ERDs, semantic models, data catalogs, dbt code, transformed data — all belong to you.
What ekai Receives for Licensing
Usage metrics only: Number of users, schema agents and semantic models created/executed. This is for billing and subscription management.
Enterprise Deployments
For Enterprise Own Cloud (AWS) and Snowflake Native App deployments: All inputs and outputs remain entirely within your infrastructure under your control. For support purposes, we may request temporary access from you when and if required — never standing access.
Purpose Limitation
Is Your Data Used Only for Providing the Service?
Yes. Your data warehouse and enterprise documents data is used solely to deliver the service to you. Nothing else.
Not Done with Your Data
- ❌ No AI model training or fine-tuning
- ❌ No cross-customer benchmarking
- ❌ No sharing with third parties
Limited Data ekai Receives
- Usage metrics for billing: User count, models created/executed
- Your ERD review feedback: Stored within your deployment only, to improve your subsequent outputs
For enterprise deployments, all enterprise data processing stays within your infrastructure.
Aggregated & Anonymized Data
Does ekai Generate Aggregated or Anonymized Data?
No. ekai does not aggregate or anonymize your data warehouse data for any purpose.
What ekai Collects
- Usage metrics for billing: User count, schema agents and semantic models created/executed
- These are account-level counts only — no content, no data warehouse details
Can Individuals or Companies Be Identified?
No. Usage metrics contain no information about your data structures, content, or users beyond total counts tied to your subscription.
Confidential Information Protection
Your data warehouse metadata never leaves your environment (enterprise deployments). There is no aggregation pipeline that combines data across customers. We cannot infer your business logic, data structures, or proprietary information because we don't retain or process it outside your infrastructure.
Contact
For security questions or to report vulnerabilities:
- Security inquiries: security@ekai.ai
- Sales inquiries: sales@ekai.ai
Next Steps
- Deployment Options — Choose your deployment model
- LLM Configuration — Configure LLM providers