Why Security Architecture Matters for AI Assistants
Most AI assistants ask for access to your email, calendar, and documents — then store everything in a shared database with row-level filtering. Your data sits next to every other customer's data, separated by a WHERE clause.
That is not security. That is a query parameter away from a breach.
PILOT was built differently. When you give PILOT access to your business, your data goes into an architecture designed to protect it at every layer.
Per-User PostgreSQL Schema Isolation
Every PILOT user gets their own PostgreSQL schema. Not a shared table with a user_id column — a physically separate schema with its own tables, indexes, and constraints.
This means a bug in one user's query can never accidentally return another user's data. There is no lateral movement possible between user datasets. If we need to delete your data, we drop the schema. Clean. Complete. Irreversible.
Field-Level Encryption with AES-256
Inside your schema, sensitive fields are encrypted using pgcrypto with AES-256. Names, email addresses, transcripts, decisions, contact details, relationship notes — all encrypted at the column level.
This is not just encryption at rest (which Azure provides by default). This is application-layer encryption that ensures even a database administrator with full access sees encrypted blobs, not readable business data.
Zero Secrets on Disk — Azure Key Vault + Managed Identity
PILOT stores zero API keys, tokens, or credentials on the server filesystem. All secrets live in Azure Key Vault. The application server authenticates to Key Vault using Azure Managed Identity — a certificate-based identity that requires no stored credentials.
This eliminates an entire class of attack vectors: there is nothing to find in a config file, nothing to extract from an environment variable dump, nothing to steal from a compromised server.
EU Data Residency — Azure Germany West Central
All PILOT infrastructure runs in Azure Germany West Central. Database, application server, key vault, blob storage, AI processing — everything stays within German data centers.
This is not a policy decision that could be reversed. It is baked into the infrastructure. There are no US-based fallback regions, no cross-border data transfers for analytics, no third-party services that route data outside the EU.
For German founders subject to DSGVO, this eliminates the transfer mechanism question entirely. Your data is in Germany. Full stop.
No Passwords — OAuth Only
PILOT does not have a password database. Authentication happens exclusively through Microsoft Entra ID or Google OAuth. Your identity provider handles credential management, MFA enforcement, and session policies.
This means PILOT has no credential database to breach. No password hashes to crack. No reset tokens to intercept. The attack surface for authentication is your existing enterprise identity provider — which is already hardened.
True Deletion — Schema Drop, Not Soft Delete
When you delete your PILOT account, one command drops your entire PostgreSQL schema. Every table, every encrypted field, every index, every row — destroyed. Not marked as deleted. Not retained for 90 days. Not kept for aggregate analytics.
Most SaaS products soft-delete your data and keep it indefinitely. PILOT gives you actual control. DELETE means DELETE.
Built for Founders Who Handle Sensitive Information
If you are a founder, executive, or advisor, PILOT sees your most sensitive information: client names, deal terms, internal decisions, personnel notes, financial discussions. The security architecture was designed for exactly this level of trust.
This is not security theater bolted onto a prototype. It is the foundation the product was built on.
FAQ
Frequently Asked Questions
Get Started
Get Early Access
Currently accepting 10 founding users.
You’ll hear from Sebastian directly.