Security

Built for the
security review.

Team Assistant is built by FNTIO, a company with years of experience delivering enterprise software. Every layer of the platform is designed to pass your security team's evaluation.

Start Free Book a Demo

Capabilities

Security at every layer.

Data residency, identity federation, sandboxed agents, and a shared responsibility model for AI safety.

Your data at rest stays in the EU.

All data at rest is stored in Frankfurt. AI inference calls go to the model providers your admin has enabled (Anthropic, OpenAI, Google, AWS Bedrock). Which providers and regions are available is configurable per tenant. Model providers do not retain your data and do not use it for training. All inference runs through the Team Assistant backend.

EU Frankfurt

Identity and access from your existing provider.

SSO via SAML 2.0 or OIDC. Automatic user provisioning and de-provisioning through SCIM. When someone leaves your organization, their access is revoked immediately. Custom roles with granular permissions across every resource type.

SAML

OIDC

Agents are sandboxed and auditable.

Agents run in kernel-isolated containers. All outbound network traffic goes through a proxy with domain allowlists. Credentials are injected at request time and never visible to agent code. Every agent action, every API call, every credential operation is logged. Admins see who did what, when, and which agent was involved.

Agent Container

Balancing capability with safety.

AI agents are powerful when they have access to your tools. That access is a deliberate choice. Team Assistant provides the mechanisms (sandboxes, tool approvals, scoped credentials, domain allowlists), but the scope of what an agent can do is configured by your admins and users. We secure the platform. You define the boundaries. This is a shared responsibility model.

Vault Access

API Calls

Email Send

Shared Responsibility

What we secure. What you configure.

Platform security (FNTIO)

Tenant isolation, data encryption at rest and in transit, SSO, SCIM, RBAC, audit logging. The platform is secured with enterprise best practices.

Agent guardrails (FNTIO)

Sandboxed execution, credential injection invisible to agents, network proxy with domain allowlists, tool approval flows. These mechanisms are built into the platform and enforced automatically.

Agent scope (You)

Which connections an agent can use, which vaults it can read, which tools it can call, which domains it can reach. Every integration is a deliberate action by an admin or user. The platform provides the controls, your team defines the policy.

Agent behavior (Shared)

AI models are constantly improving and every organization has different trust levels. If an admin grants an agent permission to send emails via Outlook and the agent uses that capability in an unexpected way, that falls under the configured scope. We ensure the guardrails hold. Your team decides how wide the guardrails are.

Under the hood

Built for security teams.

Click to expand each section.

All inference requests are routed through the Team Assistant backend. There are no direct client-to-model connections.
Model providers (Anthropic, OpenAI, Google, AWS Bedrock) do not retain customer data and do not use it for training.
Prompt caching reduces cost on subsequent messages within a session. Cached data lives in the model provider's infrastructure for the duration of the cache window, then is discarded.
Admins control which model providers and models are available to their organization.

Every agent action, outbound API call, credential operation, and permission change is logged server-side.
Outbound request logs include domain, method, path, status code, timestamp, and the agent that initiated the call.
Admin-facing audit log export and retention configuration are on the roadmap.

Deleting a user removes all their private resources (sessions, messages, personal vaults). For shared resources, the admin can transfer ownership to another user.
Contributions to shared vaults are preserved. Right to erasure (GDPR Art. 17) is supported for all personal data.
Revoking a user via SCIM immediately disables their access. Active agent sessions are terminated.

In practice

How a financial services firm configured Team Assistant.

A 200-person financial advisory firm needs AI agents that can access client portfolios, draft compliance reports, and send emails to clients. Their CISO requires EU data residency, SSO with their Azure AD, and full auditability of every agent action.

The IT admin enables SSO and SCIM through the self-service portal. Users are provisioned automatically from Azure AD. The admin enables Claude Sonnet and GPT-4o as available models, disabling all US-only providers. They create connections for Outlook (OAuth, scoped to read and draft only) and their internal portfolio API (API key, read-only).

Advisors use the general-purpose agent for research and drafting. A specialized compliance agent is built in Agent Studio with access only to the compliance vault and the portfolio API. Scheduled runs generate weekly compliance summaries. The agent can draft emails but cannot send them. That last step stays with the advisor. The CISO reviews the audit trail and sees exactly which agents accessed which data.

Area	Status	Details
GDPR	Compliant	EU data processing, tenant isolation, right to erasure
Data Residency	EU (storage)	Data at rest in Frankfurt. Inference providers configurable by admin.
Encryption at Rest	Implemented	AES-256 envelope encryption for all secrets
Encryption in Transit	Implemented	TLS everywhere, including sandbox proxy
SOC 2 Type II	Planned	Audit trail infrastructure in place