Security Architecture

Last Updated: November 10, 2025

Alkemy is built for consulting firms that handle highly sensitive client information and proprietary methodologies. We understand that your intellectual property is your competitive advantage, and protecting it is non-negotiable. That's why we're building security into every layer of our architecture from day one.

Our Security Philosophy

We're in the early stages of building Alkemy, but security isn't something we'll add later—it's foundational to how we're building the product. Our approach is simple:

  • Zero data exfiltration: Your data never leaves your control
  • Deployment flexibility: Choose the level of isolation that matches your risk profile
  • Open architecture: Not locked to any single AI provider
  • Single-tenant by default: Your data is isolated from other firms

Deployment Options

We offer three deployment models so you can choose the security posture that fits your requirements:

SaaS (Multi-Tenant)

Hosted by us with complete data isolation between firms. Each customer's data is stored in separate databases with encrypted access controls. Best for firms that want fast deployment without infrastructure management.

Best for: Boutique firms (10-50 employees) prioritizing speed and ease of use

VPC (Virtual Private Cloud)

Dedicated infrastructure deployed in your AWS account. You control the network, access policies, and compliance boundaries. We deploy and manage the application, but the data never leaves your cloud environment.

Best for: Mid-size firms (50-200 employees) with existing AWS infrastructure and compliance requirements

On-Premises

Fully air-gapped deployment in your data center. Complete control over infrastructure, network, and data. We provide the software and deployment support; you own and operate everything.

Best for: Large firms or those with strict data residency requirements

Zero Data Exfiltration

Your consulting IP is your competitive advantage. We've designed Alkemy to ensure your data is never used for anything beyond serving your firm:

  • No training on your data: We will never use your documents, projects, or methodologies to train AI models
  • Open source LLM support: Use Claude, GPT-4, Gemini, or open-source models like DeepSeek and Qwen. You're not locked to any vendor.
  • Your infrastructure, your rules: With VPC or on-premises deployment, your data never touches our servers
  • Audit logs: Track every access to your knowledge graph with comprehensive audit trails

Architecture for Data Isolation

Alkemy is built on a knowledge graph architecture that provides natural data isolation:

  • Neo4j property graph: Each firm's data lives in a separate database instance with no cross-contamination
  • Single-tenant by default: Following the Palantir model, every customer gets isolated infrastructure
  • Encrypted at rest: All data stored using AES-256 encryption
  • Encrypted in transit: All communications use TLS 1.3
  • Role-based access control: Granular permissions for who can access what within your firm

AWS Foundation

We're building on Amazon Web Services (AWS) for reliability and security:

  • Enterprise-grade infrastructure: AWS provides the foundation with SOC 2, ISO 27001, and other certifications
  • Infrastructure as code: Consistent, repeatable deployments using Terraform/CloudFormation
  • AWS security features: VPC isolation, security groups, IAM roles, KMS encryption
  • Regional data residency: Deploy in AWS regions that meet your compliance requirements (US, EU, etc.)

Our Commitment to Security

We're an early-stage company, and we want to be transparent about where we are and where we're going:

What We Have Today

  • Security-first architecture with data isolation built in from day one
  • Flexible deployment options (SaaS, VPC, on-premises)
  • Encryption at rest and in transit as standard
  • Open source LLM support to prevent vendor lock-in
  • Development on AWS infrastructure with infrastructure-as-code

Our 2026 Roadmap

  • Q1 2026: Third-party security audit and penetration testing
  • Q2 2026: SOC 2 Type I certification process begins
  • Q3 2026: GDPR compliance validation for European customers
  • Q4 2026: SOC 2 Type II certification
  • 2027+: ISO 27001, FedRAMP (for government contractors)

Data Encryption Standards

All data is protected using industry-standard encryption:

  • At rest: AES-256 encryption for all stored data (documents, knowledge graph, embeddings)
  • In transit: TLS 1.3 for all network communications
  • Backups: Encrypted backups with separate encryption keys
  • Key management: AWS KMS for encryption key management in cloud deployments

Access Controls

We implement strict access controls at every level:

  • Multi-factor authentication: Required for all user accounts
  • Role-based access control (RBAC): Granular permissions based on job function
  • Principle of least privilege: Users and systems get only the access they need
  • Audit logging: All access to sensitive data is logged and retained
  • Session management: Automatic timeout and secure session handling

Working with Open Source AI Models

One of our key security differentiators is support for open source LLMs:

  • No vendor lock-in: Choose Claude, GPT-4, Gemini, or run DeepSeek/Qwen in your own infrastructure
  • Data residency control: Open source models can run entirely within your VPC or on-premises
  • Cost optimization: Use cheaper open source models for routine tasks, save premium models for complex analysis
  • Future-proof: As AI models evolve, you're not locked to a single vendor's roadmap

Responsible Disclosure

If you believe you've discovered a security vulnerability in our systems, we want to hear from you. We're committed to working with the security research community to keep Alkemy secure.

Please report security issues responsibly:

  • Email: innovate@devdashllc.com with subject line "Security Disclosure"
  • Include detailed steps to reproduce the issue
  • Give us reasonable time to address the issue before public disclosure
  • We'll acknowledge your report within 48 hours and keep you updated on our progress

Questions About Security

Security is an ongoing conversation. If you have questions about our security practices, want to discuss your specific requirements, or need additional documentation:

Contact us:
Email: innovate@devdashlabs.com

Why This Matters for Consulting Firms

Consulting firms live and die by their intellectual property. Your methodologies, client relationships, and project insights are what differentiate you from competitors. We understand that trust isn't built with compliance badges alone—it's built by giving you control over your data. Whether you need the simplicity of SaaS or the isolation of on-premises deployment, we're building Alkemy to protect what matters most: your competitive advantage.