How we secure your data
Ask2Do is built on a simple promise: your database rows never leave your infrastructure. The cloud orchestrator coordinates the AI conversation, but the data your customer panel queries lives on your servers, behind your credentials, and only the sidecar — running on machines you control — ever touches it.
This page is the operator-friendly summary. For the technical layer list (JWT crypto, SQL parser allow-list, Ed25519 release signing), read Security model. For audit-table SQL, read Audit log.
Where your data lives
| Component | Runs on | Touches your DB? |
|---|---|---|
| Sidecar | Your infra (server you choose) | Yes — the only thing that does |
| Widget | Your customers' browsers | No |
| Cloud orchestrator | Sikasio-managed servers (EU data center) | No — never holds DB credentials |
| Portal (app.ask2do.com) | Managed edge hosting (EU) | No |
The data flow
Each chat message follows the same path. The bold steps are where your DB is queried; everything else is metadata routing.
(1) Customer types in panel widget
│
▼
(2) Widget sends question over WebSocket → Cloud
│
▼
(3) Cloud asks the AI provider what to do
│
▼
(4) AI responds with a tool call (e.g. run_sql_read)
│
▼
(5) Cloud routes the call to YOUR sidecar via WebSocket
│
▼
★ (6) Sidecar runs the SQL on YOUR DB ★
│
▼
★ (7) Sidecar returns rows to cloud (transit only) ★
│
▼
(8) Cloud feeds rows back to the AI
│
▼
(9) AI composes natural-language answer
│
▼
(10) Cloud streams answer to widgetSteps 6 and 7 are the only points your DB rows are touched. The rows flow through cloud as transit data so the AI can summarize them, then they're discarded after the response. Cloud does not persist your DB rows.
What we never see
- Your DB credentials. They live in your sidecar's
ASK2DO_DB_DSNenv on your server. The sidecar never forwards them. - Your DB connection string. Same as above — we have no way to log in.
- Bulk dumps of your data. The SQL parser blocks unbounded queries (no
SELECT * FROM userswithout a limit). The cloud only sees what the AI deliberately requests for a specific question. - Files on your server. The sidecar only opens DB connections and (optionally) reads a code repository you point it at. It can't list arbitrary files or run arbitrary commands.
What we do see (and where)
| Data | Where it goes | Why |
|---|---|---|
| The chat question text | Cloud → AI provider | Required to compose the answer |
| Query result rows (transient) | Cloud → AI provider → discarded | Required to summarize the result |
panel_user_id + role | Cloud (logs + audit) and your ask2do_audit table | Authorization + audit trail |
| Tenant slug + key id | Cloud DB | Routing + auth |
| Conversation memory (last ~10 turns) | Cloud cache (24h TTL) | Chat continuity within a session |
| Billing email + customer id | Cloud DB + payment provider | Subscription management |
Third parties
A small number of external service providers see fragments of your usage. We picked each deliberately and document exactly what reaches them:
| Provider role | What we send them | Region |
|---|---|---|
| AI provider | Chat messages + tool-call results (your rows in transit) | Configurable; default global |
| Payment provider | Customer email, billing address, subscription state | EU data-handling agreement |
| Email provider | Outbound email recipient + body (welcome, magic link, dunning) | EU |
| Cloud infrastructure | All cloud-hosted services (orchestrator, database, cache) | EU data center |
| Global CDN | Widget bundle + sidecar binary downloads | Global edge |
Encryption (in brief)
Everything in transit is TLS 1.2+. Tenant keys are stored only as argon2id hashes — a full DB compromise on our side still cannot recover the raw key. JWTs are Ed25519-signed and short-lived. Sidecar releases are Ed25519-signed too, with the public key compiled into every binary so a compromised CDN cannot push an unsigned update.
For the full mechanism — signing flow, parser deny-list, DB role grants, two-phase approval — see Security model.
Data residency
You control where your DB lives — we have no opinion. The sidecar runs wherever you put it; it doesn't care about region.
Sikasio-hosted infrastructure runs in an EU data center. The portal serves from a managed edge host (EU). The CDN is global — it only ever serves the widget bundle and the public sidecar binaries, no user data.
For customers requiring stricter residency (regional data-localization regimes for government or regulated workloads), we can run a dedicated cloud orchestrator in your preferred region. Email enterprise@ask2do.com.
Retention
| Data | Retention |
|---|---|
| Conversation memory (cache) | 24 hours, then auto-purged |
| Cloud structured logs | 30 days rolling |
ask2do_audit table on your DB | Forever (we never touch it after creation) |
| Tenant + subscription records | Until you cancel + 90 days, then anonymized |
| Payment-provider records | Per the provider's retention (~7 years for tax/billing) |
Right to deletion
Email hello@ask2do.com with the tenant slug + a deletion request. Within 14 business days we:
- Pause the tenant + revoke all keys.
- Delete tenant rows + cached conversation memory.
- Anonymize cloud audit logs (replace email with
deleted-{tenant_id}@anonymized.local). - Cancel the subscription with the payment provider (the provider retains its own records per their policy).
The ask2do_audit table on your DB is yours; you decide whether to keep or drop it.
Compliance
| Posture | Status |
|---|---|
| GDPR + regional data-protection regimes | Operationally compliant; DPA on request |
| Data Processing Agreement (DPA) | Boilerplate available; sign-back via hello@ask2do.com |
| SOC 2 Type II | On the roadmap |
| HIPAA / PCI | Out of scope for v1 (no protected categories of data targeted) |
Breach notification
If we detect or confirm a breach affecting your data on our side, we notify you within 72 hours of confirmation per GDPR-aligned timing. The notification includes scope, timeline, and remediation steps.
For suspected key leaks (something you control) or vulnerability disclosure (security researchers), see key rotation and vulnerability disclosure in the security model.
The promise, condensed
- Your DB credentials live on your server. We never see them.
- Your rows transit through cloud only as needed for a specific question, then are discarded.
- Every write is gated behind a human admin clicking Approve, with a tamper-evident log on your DB.
- You can rotate keys, pause tenants, and request deletion at any time.
- We tell you within 72 hours if something we manage gets compromised.
Have a question this page didn't answer? Reply to your install email or write to hello@ask2do.com.