
Security at Wauldo

Your documents contain sensitive data. We treat every layer of our stack — from network to query response — as a security boundary. This page documents the controls we operate. If you spot a gap, tell us.

Last updated: April 22, 2026

// infrastructure

Infrastructure

Network and runtime layer. Everything below your query.

· TLS

End-to-end encryption

All API communication uses TLS/HTTPS. No plaintext transport on any public surface.

· HOST

Managed cloud hosting

Production runs on managed cloud infrastructure with provider-level physical security, automated patching, and per-region isolation.

· QUOTA

Fail-closed quotas

When the quota backend is unreachable, rate-limit and quota checks deny by default. We never fail open on auth-adjacent paths.

· LIMIT

Per-IP brute-force protection

Rate limiting per IP with automatic blocking on abuse patterns. Anonymous quotas never share a bucket.

// data isolation

Data isolation

Multi-tenant by construction. No cross-tenant data access is possible.

· TYPE

Typed tenant identifiers

Every tenant-scoped query validates its tenant identifier at the code boundary. Malformed or reserved placeholders are rejected before any data access.

· SEARCH

Tenant-scoped retrieval

Full-text and vector retrieval filter documents by tenant before scoring. No global index. No cross-tenant leakage.

· CACHE

Tenant-scoped cache keys

Every cache entry is namespaced by tenant identifier. Invalidation on upload and delete is tenant-local.

// api security

API security

Every ingress point is bounded, typed, and quota-checked.

· AUTH

JWT + Bearer

Authentication via JWT with configurable expiry, or direct Bearer tokens for self-host and marketplace paths. Revoked keys are denied even before reaching the quota layer.

· BODY

Bounded request bodies

All request and upload bodies are bounded in size with strict limits enforced at the proxy layer. Prevents oversized-payload abuse.

· DIM

Embedding inputs clamped

Embedding requests are clamped to a fixed dimensional range, which limits memory-exhaustion denial-of-service attempts.

· SSE

Streaming response caps

Server-sent events are capped per response to prevent unbounded memory allocation on long-tail streams.

· REVOKE

Key revocation

An orthogonal deny-list layered on top of the issuance source-of-truth. Revocation fails closed, so a backend outage cannot authorize revoked keys.

· SANITIZE

Prompt-injection defenses

Multiple layers: input sanitization on user queries, source-as-data framing for retrieved content, and post-output scanning for known injection patterns.
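The ordering and fail-closed behaviour described under AUTH, QUOTA and REVOKE above, shown as an added example (not Wauldo's own code): the deny-list is consulted before the quota layer, and an outage of either backend denies the request. The in-memory backends and the `available` flag are constructed stand-ins for the real services.

```python
from dataclasses import dataclass, field

# Constructed in-memory backends standing in for the real deny-list and
# quota services; `available=False` simulates an outage of that backend.
@dataclass
class DenyList:
    revoked: set = field(default_factory=set)
    available: bool = True

    def is_revoked(self, key: str) -> bool:
        if not self.available:
            raise ConnectionError("deny-list backend unreachable")
        return key in self.revoked

@dataclass
class QuotaBackend:
    remaining: dict = field(default_factory=dict)
    available: bool = True

    def consume(self, key: str) -> bool:
        if not self.available:
            raise ConnectionError("quota backend unreachable")
        left = self.remaining.get(key, 0)
        if left <= 0:
            return False
        self.remaining[key] = left - 1
        return True

def authorize(key: str, deny_list: DenyList, quota: QuotaBackend) -> str:
    """Return 'allow' or a deny reason. Every branch that cannot prove the
    request acceptable denies, so a backend outage never fails open."""
    # Revocation is checked first: a revoked key never consumes quota and
    # never reaches the quota layer at all.
    try:
        if deny_list.is_revoked(key):
            return "deny: key revoked"
    except ConnectionError:
        return "deny: revocation check unavailable"
    try:
        if not quota.consume(key):
            return "deny: quota exhausted"
    except ConnectionError:
        return "deny: quota check unavailable"
    return "allow"
```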

// llm security

LLM security

The layer most products get wrong. Ours is reviewed continuously.

· ERR

Generic error surface

Raw upstream LLM errors are never exposed to clients. Every exception is translated to a bounded public error vocabulary.

· THINK

Reasoning-trace removal

Internal reasoning and hidden chain-of-thought are stripped from every outbound response path, including streaming.

· BREAK

Circuit breaker

Consecutive upstream failures trip a circuit breaker that isolates the failing provider. Automatic fallback chain picks the next healthy option.

· FAIL

Fail-fast on auth errors

401 and 403 from an upstream provider never fall back to an alternative — we surface the error immediately rather than leaking traffic to a different model.

· CAP

Tool-result injection cap

Tool outputs are bounded before being re-injected into the model context. Prevents runaway context growth and tool-originated injection.

· VERDICT

No CONFLICT false-positives

A refuted claim returns UNVERIFIED or PARTIAL. CONFLICT is reserved for true contradictions — never for "couldn't match".
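The BREAK and FAIL behaviour above, as an added example that is not Wauldo's code: a fallback chain with a per-provider circuit breaker in which consecutive non-auth failures open the breaker and isolate that provider, while a 401/403 is raised immediately without trying the next provider. The provider callables, the exception classes and the `reset()` stand-in for a half-open retry timer are assumptions for illustration.

```python
class UpstreamAuthError(Exception):
    """401/403 from a provider: surfaced immediately, never retried elsewhere."""

class UpstreamError(Exception):
    """Any other provider failure: counts toward that provider's breaker."""

class AllProvidersUnavailable(Exception):
    pass

class ProviderChain:
    """Ordered fallback chain with a per-provider circuit breaker.

    `providers` is an ordered list of (name, callable) pairs. After
    `threshold` consecutive failures a provider's breaker opens and the
    provider is skipped; a success resets its counter to zero.
    """

    def __init__(self, providers, threshold=3):
        self.providers = dict(providers)
        self.threshold = threshold
        self.failures = {name: 0 for name in self.providers}

    def is_open(self, name):
        return self.failures[name] >= self.threshold

    def reset(self, name):
        """Close a breaker (assumed stand-in for a half-open retry timer)."""
        self.failures[name] = 0

    def complete(self, prompt):
        for name, call in self.providers.items():
            if self.is_open(name):
                continue  # breaker open: isolate the failing provider
            try:
                result = call(prompt)
            except UpstreamAuthError:
                # Fail fast: routing the same traffic to another model would
                # silently bypass the upstream's authorization decision.
                raise
            except UpstreamError:
                self.failures[name] += 1
                continue  # try the next healthy provider in the chain
            self.failures[name] = 0
            return name, result
        raise AllProvidersUnavailable("no healthy provider in chain")
```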

// audit trail

Audit trail

Every response is traceable. Nothing is opaque.

· REASON

Per-claim diagnostics

Each refuted claim carries a reason field: numerical_mismatch, entity_mismatch, negation_conflict. You see why, not just a score.

· TRAIL

Per-response metadata

Model, latency, verdict, and retrieval path travel with every response. Correlate with your own logs for post-incident review.

· METRICS

Prometheus export

Real-time metrics via an authenticated /metrics endpoint. Cascade override rates, LLM cost per model, retrieval-path decisions.

// data handling · GDPR

Data handling & your rights

Wauldo is GDPR-aware by design. The privacy policy covers exactly what we collect, how long we keep it, and how to exercise your rights — concise plain language, no dark patterns.

· RETENTION

Tenant-controlled lifetime

Uploaded documents and indexed chunks live as long as your tenant collection. DELETE /v1/collections/:id removes documents, chunks, and embeddings in one call. Detail: privacy §3.

· RIGHTS

Access · deletion · portability

EEA residents have the full set of GDPR Article 15-22 rights: data export, account deletion, processing restriction. Email privacy@wauldo.com. Detail: privacy §8.

· SUB-PROCESSORS

Listed & minimal

OpenRouter (LLM routing), AWS (compute & storage), Upstash (cache), Vercel (landing). Each disclosed in privacy §5 with the data category that crosses the boundary.

// responsible disclosure

Found a vulnerability?

If you've identified a security issue, please email security@wauldo.com before public disclosure. We commit to acknowledging every report within 48 hours and to not pursuing legal action against good-faith researchers.