Security & trust
High-level information for security and procurement reviews. Your order, data processing agreement, and privacy policy take precedence over this page.
Architecture snapshot
Client → your application (stores `DELTA_API_KEY` in your secret manager) → TLS to `https://rundelta.dev` → inline policy pipeline (inspect / redact / route) → model provider endpoint you configure. Logging and retention are governed by your deployment and contract.
Prompts and payloads
Whether full request/response bodies are persisted, for how long, and which roles can retrieve them is agreed per environment — see onboarding, contract, and privacy policy. We do not use your customer prompts to train public foundation models unless that is expressly agreed in writing.
Subprocessors
Platform subprocessors, such as hosting providers, are listed in our privacy policy. Model providers are invoked either with your keys (you maintain the relationship) or as agreed in your order.
Responsible disclosure
Report security issues to hello@kuckein.com with subject line “Security”. We coordinate fixes and announcements with you; there is no public bug bounty yet.