interlocute.ai beta
Create a node

Security & Data

What Interlocute stores, what it doesn't, and how your data is handled.

What we store

  • Messages — conversation content is stored to maintain thread state and support memory retrieval. Messages are encrypted at rest.
  • Usage metadata — token counts, latency, API key identifiers, and timestamps. Used for billing and observability.
  • Node configuration — system prompts, policy rules, and trigger schedules.

What we do not store

  • API key secrets — full API keys are hashed. We store a prefix for identification but cannot reconstruct the full key.
  • Raw LLM provider credentials — Interlocute manages provider communication internally. Your provider keys are never exposed in logs or responses.

Data retention

Data retention policies vary by plan. Free tier data is retained for 30 days. Paid plans offer configurable retention periods and the ability to set per-node TTL policies.

You can delete thread data at any time via the dashboard or API. Deletion is permanent and applies to both message content and associated metadata.

Tenant isolation

Each Interlocute account is a fully isolated tenant. Data boundaries are enforced at every layer:

  • Nodes, threads, and memory are scoped to your account
  • API keys only grant access to your own resources
  • There is no cross-tenant data access at any level

Encryption

  • In transit — all communication uses TLS 1.2 or later. HTTP connections are redirected to HTTPS.
  • At rest — stored data is encrypted using AES-256 with platform-managed keys.

Responsible AI & governance

Interlocute includes built-in governance features:

  • Policy enforcement — nodes operate within defined policies. Off-topic or harmful requests can be automatically refused.
  • Audit trail — every interaction is logged with attribution, making it possible to trace any action back to a specific request, key, and node.
  • Quota controls — spending limits prevent runaway costs and ensure budget predictability.
  • Refusal logging — when a node declines a request, the reason is recorded for review.

Compliance

Interlocute is designed with data protection in mind. For questions about specific compliance certifications, data processing agreements, or regulatory requirements, see our legal pages or contact hello@interlocute.ai.

Next steps

  • FAQ — common questions answered
  • Auth & Keys — credential management and rotation
API ExamplesFAQ