TOMRIS
Cloud
Security & Privacy

Privacy Policy

Last updated: May 20, 2026. This policy outlines how Tomris Cloud handles your data.

Zero Data Retention

Agent reasoning logs are processed on demand. We do not store raw prompt details once your sandbox worker completes execution.

Encrypted Vaults

All database credentials, API tokens, and webhook variables are encrypted at rest using isolated client keys (AES-256).

Compliance Driven

Designed to satisfy GDPR and SOC 2 Type II controls, providing strict data routing logs for enterprise audit needs.

01. Information We Collect

To provide the Tomris Cloud experience, we collect basic account credentials (name, email, organization details) and infrastructure data (telemetry logs, connector statuses, resource CPU/RAM utilization).

We do not collect or inspect data flowing through your databases or custom connectors, except when displaying live debug telemetry to you inside your organization console dashboard.

02. Encryption & Vault Security

Credentials and access keys used to configure database tunnels, Slack notifications, or HubSpot API integrations are immediately processed through an encrypted storage layer. The encryption key is isolated per tenant organization, ensuring no cross-exposure is possible even in cluster environments.

03. Data Sharing & Compliance

Tomris Cloud operates under strict multi-tenant restrictions. We do not sell, share, or lease customer data. Third-party integrations are purely directed by organizational owners who associate credentials and configure active agent flows.

04. Your Choices & Rights

You can delete your organization metrics, wipe your credential vaults, and shut down serverless agent nodes at any time directly through the dashboard workspace.