Saykai
Security & Trust

Security controls for pilots.

Saykai helps teams catch unsafe behavior changes before they ship by running scenarios and log replays in CI. This page describes how we approach security for early deployments.

Disclaimer: This page is informational only and does not modify any agreement with Saykai LLC.

Pilot security, clearly scoped.

Saykai is early stage. For pilots, we scope security and data handling up front so there are no surprises. We can provide a short pilot security appendix covering the specific configuration used for your pilot.

DATA What data is submitted
LOCATION Where it is stored
ACCESS Who can access it
LIFECYCLE Retention & Deletion

What we protect.

Customer Content

"Customer Content" is what you submit to Saykai to run evaluations.

  • Safety Specs and Safety Packs
  • Scenario outputs and evaluation artifacts
  • Log replays, traces, metrics, run metadata
  • Configuration for your workflows

> Note: For pilots, we recommend avoiding sensitive personal data unless required.

Account & Operational Data

Data required to run the service and support you.

  • Workspace and user account info (users, roles)
  • Operational logs for reliability & troubleshooting
  • Support communications

How we use Customer Content

You own your Customer Content. We process it to provide the Services and generate outputs for your workspace. We do not sell Customer Content.

MODEL TRAINING POSTURE (DEFAULT)

Customer Content is not used to train shared, general-purpose models by default. If we ever offer an option that uses data beyond your deployment, it would be explicit and controlled.

Security controls for pilots.

Encryption

In Transit: Pilot deployments are intended to use HTTPS/TLS.
At Rest: Content is intended to be stored on encrypted storage/databases via underlying cloud providers.

We confirm specific encryption settings during pilot onboarding.

Access Controls

Access is limited to authorized users in your workspace and a small set of Saykai support personnel.

We align on a “no access unless requested” approach for support if required.

Logging & Auditability

We maintain logging for authentication events, operational troubleshooting, and investigation of security events.

Logging scope is aligned during pilot setup.

Retention & Deletion

We retain only what is needed to run the pilot. We support deletion of pilot Customer Content upon request at the end of the pilot.

Subject to reasonable technical limitations (e.g., backups).

Operational Security

Subprocessors

Saykai may use vetted vendors for infrastructure (hosting, storage, monitoring, email). For pilots, we can provide a current subprocessor list on request.

Incident Response

If a security incident affects a pilot, our goals are to contain the issue quickly, assess impact, restore service, and notify affected customers.

Compliance

Saykai aims to meet common enterprise security expectations. We do not claim ISO certification unless explicitly stated in writing.

Vulnerability Reporting

Found a security issue?

If you believe you found a security issue, please email us with a description, steps to reproduce, and supporting evidence. We triage and respond based on severity.

Email security@saykai.com

Security Contacts

Security Team security@saykai.com
Privacy Requests privacy@saykai.com