Encrypted.
Audited. Yours.
Litericaai is built on the assumption that your unpublished work is the most sensitive thing on your computer. We treat it that way at every layer of the stack.
PROGRAM v2.1 · LAST AUDIT · APR 2026
How we protect your library.
Encryption
TLS 1.3 in transit. AES-256 at rest. Per-tenant keys managed in AWS KMS, rotated quarterly.
Access control
Role-based permissions. SSO via Google, Microsoft, and SAML on Team. MFA enforced for all staff.
Isolation
Per-tenant data stores. Zero-retention agreements with model providers. Your corpus is never used to train.
Monitoring
24/7 anomaly detection. Immutable audit logs. Quarterly third-party penetration tests.
Where it runs
AWS · us-east-1 & eu-west-1.
Litericaai runs on AWS in two regions. EU customers can pin storage to eu-west-1; US customers default to us-east-1. Each tenant's data — uploaded PDFs, embeddings, chat logs, generated reviews — is stored in an isolated, encrypted bucket keyed to that tenant.
We do not operate any data centers ourselves and we do not store customer data on developer laptops. Production access requires hardware-key MFA and is logged to an immutable audit trail.
How inference works
Zero retention. No training. Pinned models.
When you ask a question, we retrieve relevant passages from your library and send them — along with your question — to a frontier model (Claude, GPT-4 family, or open weights running on our own infrastructure).
- Zero-retention contracts with OpenAI and Anthropic. Your prompts and our retrieved passages are not stored on their side beyond the request, and are not used to train their models.
- No model training on your data. Ever. Not for product improvement, not for benchmarks.
- Pinned model versions. Pro and Team customers can see exactly which model handled which answer.
- Local-only option (Enterprise). Self-host the retrieval and answer layer on your own infrastructure. Contact sales.
Where we stand.
| FRAMEWORK | STATUS | NOTES |
|---|---|---|
| SOC 2 Type II | In progress | Audit window opens Q3 2026 |
| GDPR | Compliant | DPA available on request |
| CCPA | Compliant | Do-not-sell honored by default |
| HIPAA | BAA available | For Enterprise customers |
| ISO 27001 | Planned 2027 | Controls already mapped |
Found something?
We pay for valid reports.
If you believe you've found a vulnerability in Litericaai, please email security@litericaai.com with a description and reproduction steps. We acknowledge reports within 24 hours and aim to remediate critical issues within 72 hours.
We run a private bug bounty for verified researchers. Awards range from $250 (low-severity) to $10,000 (critical). PGP key available on request.
Need a SOC 2 report, DPA, or BAA?
We send them under NDA to qualified prospects. Reach out and we'll route you to the right person.