Security at DoCoreAI

We design for privacy by default: we never store your prompt or output content—only telemetry (token counts, timings, success signals) needed to compute cost, efficiency, and ROI.

What we collect

  • Token counts (prompt/completion)
  • Request timings & retries
  • Success/failed indicators, model ID

No raw prompts, outputs, or customer content.

What we never collect

  • No prompt bodies or completions
  • No training on your data
  • No secrets or API keys copied to our servers

Data flow (at a glance)

Your app ↔ LLM provider carries content. A separate telemetry-only channel sends counts/timings to DoCoreAI for dashboards.

See diagram →

Encryption

  • TLS 1.2+ in transit
  • Encrypted at rest via cloud KMS

Access controls

  • Least-privilege access; MFA for admin consoles
  • Role-based access (RBAC) for dashboards
  • Audit logging for sensitive actions

Retention & deletion

Telemetry retention can be configured per tenant. We’ll honor deletion requests and can disable telemetry for sensitive projects.

Subprocessors

We use reputable infrastructure providers. A current list is maintained here: (add your page).

Vulnerability disclosure

Report security issues to info@docoreai.com. We’ll acknowledge within 48 hours and keep you updated.

You can also publish /.well-known/security.txt (see below).

Compliance

We follow industry best practices and are building toward SOC 2. Need details for a vendor review? Email info@docoreai.com.

Contact

Security questions? info@docoreai.com • Privacy questions? Privacy Policy