Security
Sesame is designed from the ground up with security and privacy as core principles. Unlike many generative AI tools, your prompts, documents, and metadata never leave your secured environment.
CORE
Why Sesame is secure
Your data remains private, encrypted, and sovereign — with full visibility and control to view, manage, or delete it at any time.
Data, Control, Transparency.
We understand the importance and sensitivity of your data. Sesame is built to ensure you have total control and clear insight into how your data is stored, used, and removed.
Data Center Location
All data — including documents, embeddings, chat logs, and access records — is stored exclusively in EU-based data centers operated by OVHcloud. These facilities meet top-tier physical and digital security standards and comply with:
- ISO/IEC 27001
- GDPR
- EU Cloud Sovereignty regulations
DATA CENTERS:
Frankfurt, Germany
Paris, France
Data Protection Measures
Your data is never shared, sold, or processed by third parties — now or in the future.
- Encryption at Rest: AES-256
- Encryption in Transit: TLS 1.3 (with optional client certificates)
- Access Control: Fine-grained policies at the tenant, resource, and group level
- No Third-Party Exposure: No data is ever sent to external APIs or non-European services
Complete Deletion Control
We use secure deletion protocols to ensure all removed data — including from backups — is permanently unrecoverable.
At any time, you can:
- Encryption at Rest: AES-256
- Permanently delete individual files or resources
- Erase full chat histories
- Request full organizational data deletion during offboarding
CORE
Platform Security
Designed for Trust — from data storage to AI model execution.
01.
Closed-Wall Architecture
Sesame runs within a tightly controlled, multi-layered security system. There is no public-facing access to core services. Each layer — from input to model execution — is protected by firewalls, zero-trust authentication, and strict network isolation.
02.
Self-Hosted AI Models
All LLMs and embedding models are open-source and run locally on dedicated infrastructure we fully control. Every prompt, context, and output stays inside the secure Sesame environment.
- No external API calls
- No data leaving the environment
- Full GDPR compliance and EU data residency
03.
Post-Quantum Ready Encryption
Sesame uses modern encryption techniques that are designed to withstand future quantum threats:
- At Rest: AES-256
- In Transit: Hybrid key exchange (X25519 + Kyber) with TLS 1.3 and forward secrecy
04.
Privacy-by-Design Architecture
Privacy is built into Sesame from day one. Every interaction is governed by tenant-based access rules, with optional fine-grained permissions at the resource or group level. Our privacy-first design has been recognized and supported by the German Federal Ministry of Education and Research (BMBF).
05.
Enterprise-Grade Security & DevSecOps
We follow continuous hardening practices and integrate security throughout the development lifecycle:
- Endpoint Monitoring: Ongoing vulnerability scanning (e.g., QualysGuard)
- Code Security: Static and dynamic testing in CI/CD pipelines
- Hosting: In certified OVHcloud data centers (Germany and France)
- Compliance: Aligned with ISO 27001, GDPR, and EU Sovereignty mandates
06.
Strategic Cybersecurity Partnerships
We collaborate with leading research institutions, including CISPA Helmholtz and Fraunhofer SIT. Through these partnerships, we:
- Participate in regular red-team/blue-team exercises
- Serve as a testbed for new cybersecurity innovations
- Help design the next generation of AI security standards
SECURITY
Privacy-by-design
One of Sesame’s key strengths is its multilayered security architecture. Our team leverages world-class LLM models that operate entirely off the grid, ensuring your sensitive files remain out of reach from public model scrutiny.
- SHA-256 Encryption
- E2E Encrypted
- Trusted SaaS
- EU Hosting
- No model training
- Model-agnostic
Supported by titans of European safety.
We’re pursuing the highest market standards in cyber- and data security.
© Contexxt.ai Technologies GmbH.
All Rights Reserved.