AI Security & Privacy

This page details how Vantage protects your data when using Intuidy AI features, including credential management, data transmission, and organizational security controls.

Security Architecture

Key Security Properties

1. Server-Side Only — All AI API calls are made from Vantage's server, never from the browser. API keys and data payloads never touch the client.

2. Encrypted Credentials — API keys are encrypted at rest in the database. They are decrypted only at the moment of an API call and never logged or exposed in responses.

3. Scoped Data Transmission — Only the minimum data necessary for the specific AI request is sent to the provider. Full databases, account credentials, and unrelated data are never transmitted.

4. No Persistent Storage by Providers — API-based usage of LLM providers generally does not result in data retention by the provider. Refer to each provider's API terms for specifics.

Credential Management

How API Keys Are Stored

• API keys are stored in Vantage's database using encryption
• Keys are associated with the organization, not individual users
• Only users with Admin or Owner roles can view, add, or delete API keys

Adding Credentials

1. Go to Settings → AI Features → Intuidy AI
2. Expand the desired provider
3. Enter your API key in the secure input field
4. Click Save Credentials
5. The key is immediately encrypted and stored

Deleting Credentials

1. Go to Settings → AI Features → Intuidy AI
2. Expand the connected provider
3. Click Delete Credentials
4. The encrypted key is permanently removed from the database

Key Rotation

To rotate an API key:

1. Generate a new key from your provider's dashboard
2. In Vantage, delete the existing credentials
3. Enter the new key and save
4. AI features resume immediately with the new key

Data Privacy

What Data is Sent to AI Providers

What Data is NOT Sent

• Database connection strings or credentials
• User passwords or authentication tokens
• Data from other users' dashboards or tiles
• Full database contents (only relevant tile/workflow data)
• Vantage account or billing information

Data Sampling

For large datasets, Vantage can sample data before sending it to the AI provider. This:

• Reduces the amount of data transmitted
• Lowers token costs
• Speeds up response times

Configure this in Settings → AI Features → Query Settings with the Process Large Datasets toggle.

Organizational Controls

Domain Restrictions

Restrict which email domains can connect integrations to your Vantage instance. This limits the blast radius of any integration compromise.

Configure: Settings → AI Features → Domain Restrictions

Example: Allowing only @yourcompany.com ensures that only corporate accounts can connect external services.

Role-Based Access to AI Settings

Audit & Usage Tracking

All AI operations are logged in the token usage system:

• Who made the request (user ID)
• When the request was made (timestamp)
• What type of operation (assistant, summary, workflow, etc.)
• How many tokens were consumed
• Which provider and model were used

Access usage data at Settings → Account → Usage & Tokens.

Provider Security Comparison

Recommendations

1. Use Mistral if you have strict EU data residency requirements
2. Rotate API keys periodically (every 90 days is a good cadence)
3. Enable domain restrictions if you use integrations
4. Configure data sampling for dashboards with sensitive large datasets
5. Review usage logs monthly for anomalies
6. Limit admin access — only those who need to manage AI settings should have Admin or Owner roles