What does Chion actually do with your database?
Before you connect a database to anything, you should know exactly what it can do, what it can see, and where your data goes. Send this page to your security team.
Security architecture
Read-only SQL enforcement
Every query is SELECT-only. Three layers enforce read-only: your database role, the SQL contract that bounds generation, and runtime validation before execution. No writes can reach your database through Chion.
AES-256-GCM credential vault
Database credentials are encrypted at rest with AES-256-GCM using a Load-Consume-Purge pattern. When a connection is opened, the plaintext DSN is loaded into memory, consumed for the socket handshake, and immediately shredded in a finally{} block. Credentials never persist in application memory beyond the connection moment.
Row-level security
We connect using the role you provide. Your PostgreSQL RLS policies are enforced on every query — from schema ingestion, through column profiling, to every query execution. We never elevate privileges or bypass access controls.
LLM data isolation
LLM providers receive only structural metadata and aggregated query results via a secure gateway. Raw row-level data never leaves your database. Nothing is stored, cached, or retained by the model provider. Your data is never used to train, fine-tune, or improve any model.
Data handling
Query results are held in memory during your session for chart rendering. They are not persisted to disk or stored long-term. When you close the session, results are discarded.
Schema metadata (table names, column types, cardinality) is stored server-side to enable contract-based SQL generation. This metadata contains no actual data values.
What we store — Randomly sampled column values (e.g., top categories by frequency) used to build a semantic catalog, and structural metadata (table names, column types, relationships). This teaches the system your nomenclature, not your data.
Credentials are encrypted in our vault and never transmitted in plain text. Every credential operation is logged to our security audit trail.
Conversations (your questions and generated SQL) are stored to enable conversation history. They do not contain raw data rows.
Credential & session lifecycle
Rolling sessions with automatic renewal
Database sessions roll on a 24-hour cycle with automatic renewal on successful validation. Credentials are scrubbed after 3 consecutive failures or explicit disconnect. A 30-day reconnect hint preserves non-secret topology (host, port, schema names) so re-authentication requires only a password — no full reconfiguration.
Deployment flexibility
Your deployment, your rules
Choose between managed cloud providers (Anthropic, OpenAI, Google), dedicated GPU infrastructure via CoreWeave, or fully on-premise models behind your firewall. Every option runs the same read-only, zero-export pipeline with identical isolation guarantees.
No architectural compromises, no vendor lock-in. Whether the model runs on Anthropic's API or a self-hosted instance in your data center, the contract is the same: metadata and summaries in, SQL out. Raw rows never cross the boundary.
Compliance roadmap
SOC 2 Type II
In progress. We're working toward SOC 2 Type II certification. Contact us for our current security questionnaire and controls documentation.
We implement security controls aligned with SOC 2 Trust Service Criteria today — including access controls, encryption, audit logging, and incident response — ahead of formal certification. Infrastructure hosted on SOC 2-certified cloud providers with encryption at rest (AES-256) and in transit (TLS 1.3).
GDPR — Chion processes only structural metadata and anonymized samples. No personally identifiable information is required or retained beyond your database's own access controls.
DPA — Data Processing Agreement available on request for enterprise customers. Covers data handling, sub-processor disclosure, and breach notification procedures.
Governance & compliance
Chion is built on a principle of data minimalism — we access only what is needed, store only what is essential, and discard everything else.
All AI-generated SQL is governed by a structural contract that prevents out-of-scope access. Every query is lint-checked, budget-enforced, and auditable.
We maintain a complete security audit log of all connection events, credential operations, and query executions. No operation is invisible.
Our engineering team follows a "fail-closed" security model — when invariants are violated, the system stops and surfaces the issue rather than silently proceeding.
SOC 2 Type II — In progress. Our infrastructure and data handling practices are being evaluated against the Trust Services Criteria for security, availability, and confidentiality.
GDPR — Chion processes only structural metadata and anonymized samples. No personally identifiable information is required or retained beyond your database's own access controls.
Data Processing Agreement (DPA) — Available on request for enterprise customers. Covers data handling, sub-processor disclosure, and breach notification procedures.
Infrastructure hosted on SOC 2-certified cloud providers with encryption at rest (AES-256) and in transit (TLS 1.3).
No data selling — Chion will never sell, license, or share your data or metadata with third parties.
No model training — Your queries, results, and metadata are never used to train, fine-tune, or benchmark any AI model. This applies to both our systems and our LLM provider agreements.
Retention policy — Query results are ephemeral and exist only for the duration of your session. Semantic metadata (column labels, embeddings) persists until you disconnect a data source, at which point all associated artifacts are purged.
Transparency reporting — We are committed to publishing an annual transparency report covering data access requests, security incidents, and infrastructure audit outcomes.
Sub-processors
Every tool in your stack is a liability if it touches your data. Here's every service we send anything to, what we send, and why. No hidden processors.
| Provider | Role | Location |
|---|---|---|
| Supabase | Authentication, database, edge functions | US/EU |
| Anthropic | LLM provider (Claude) | US |
| OpenAI | LLM provider (GPT) | US |
| LLM provider (Gemini) | US | |
| Mistral | LLM provider (Mistral) | EU |
| CoreWeave | Dedicated GPU compute for isolated model hosting | US |
| Stripe | Payment processing | US |
Incident response
If you discover a security vulnerability or suspect unauthorized access, contact us immediately at security@chion.ai. We acknowledge reports within 24 hours and provide status updates within 72 hours.