Security

Built to be trusted

Security and data protection are fundamental to how Thinklio is designed — not features bolted on after the fact. This page describes the controls we have in place to protect your data and your agents.

Last updated: March 2026

01

Infrastructure security

Thinklio is hosted on EU infrastructure with strong physical and network security controls.

EU data residency

All customer data is stored and processed within the European Union. Our primary infrastructure runs on Hetzner Cloud in Nuremberg, Germany, ensuring compliance with EU data protection requirements by default.

Encryption in transit

All data transmitted between clients and the Thinklio platform is encrypted using TLS 1.2 or higher. We enforce HTTPS across all endpoints and reject insecure connections.

Encryption at rest

Data stored at rest, including database volumes, backups, and object storage, is encrypted using AES-256 or equivalent industry-standard algorithms.

Network isolation

Production systems run in isolated network segments. Internal services are not exposed to the public internet. Access to production infrastructure is restricted by IP allowlisting and requires strong authentication.

02

Authentication and access control

Access to the Thinklio platform is governed by layered authentication controls and the principle of least privilege.

Password security

User passwords are hashed using bcrypt with a strong work factor before storage. Plaintext passwords are never stored, logged, or transmitted.

Token-based sessions

Authentication sessions use signed JSON Web Tokens (JWT) with short expiry windows and automatic rotation. Refresh tokens are stored securely and invalidated on logout.

OAuth and SSO

Thinklio supports OAuth 2.0 and single sign-on (SSO) integrations, allowing organisations to enforce their own identity and access policies.

Role-based access control

Permissions within the platform are enforced through a role-based access control (RBAC) model. Every action an agent or user can perform is governed by explicit permission grants — there is no implicit access.

03

Multi-tenant isolation

Thinklio is a multi-tenant platform. Tenant isolation is enforced at multiple layers so that one organisation's data and operations are never accessible to another.

Database-level row security

Row-level security (RLS) policies are applied at the database layer. Every query is automatically scoped to the requesting tenant, preventing cross-tenant data leakage even in the case of application-layer defects.

Application-level context assertions

At the application layer, tenant context is asserted on every request before any data operation proceeds. Requests without valid tenant context are rejected before reaching any business logic.

Scoped cache keys

Caching layers use tenant-scoped keys to prevent cache poisoning across tenants. Cache entries are invalidated on tenant context changes.

Network isolation

Where applicable, tenant workloads run in isolated execution environments. Shared infrastructure components enforce strict resource quotas to prevent one tenant from affecting the availability of others.
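The application-level context assertion and tenant-scoped cache keys described above, shown as an added example that is not Thinklio's own code. All names (require_tenant, scoped_key, TenantCache) and the sample tenant identifiers are hypothetical, and dropping a tenant's entries is one assumed reading of invalidation on tenant context changes.

```python
# Added example: every name here is hypothetical, not Thinklio's API.
class MissingTenantContext(Exception):
    """Raised when a request carries no usable tenant context."""

def require_tenant(request: dict) -> str:
    """Assert tenant context before any data operation runs (fail closed)."""
    tenant = request.get("tenant_id")
    if not isinstance(tenant, str) or not tenant.strip():
        raise MissingTenantContext("request rejected: no tenant context")
    return tenant

def naive_key(tenant: str, key: str) -> str:
    # Weak form: the delimiter may also occur inside the tenant id or the key.
    return f"{tenant}:{key}"

def scoped_key(tenant: str, key: str) -> str:
    # The length prefix fixes where the tenant id ends, so two tenants
    # can never produce the same cache key.
    return f"{len(tenant)}:{tenant}:{key}"

class TenantCache:
    """In-memory stand-in for a shared cache such as a key-value store."""
    def __init__(self):
        self._store = {}

    def get(self, request: dict, key: str, loader):
        tenant = require_tenant(request)   # checked before any lookup
        k = scoped_key(tenant, key)
        if k not in self._store:
            self._store[k] = loader(tenant, key)
        return self._store[k]

    def invalidate_tenant(self, tenant: str) -> int:
        # Drop every entry of one tenant; other tenants are untouched.
        prefix = scoped_key(tenant, "")
        stale = [k for k in self._store if k.startswith(prefix)]
        for k in stale:
            del self._store[k]
        return len(stale)

if __name__ == "__main__":
    # Constructed sample: two tenants whose ids collide under naive_key.
    a, b = ("acme", "eu:profile"), ("acme:eu", "profile")
    print("naive keys collide:", naive_key(*a) == naive_key(*b))
    print("scoped keys collide:", scoped_key(*a) == scoped_key(*b))
```

The collision case is the one to test for in any shared cache: string concatenation with a delimiter is only safe if the delimiter cannot appear in either part.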

04

Audit and compliance

Every action on the Thinklio platform is traceable. We treat auditability as a core product requirement, not an afterthought.

Immutable audit logs

All agent actions, permission evaluations, and administrative operations are recorded in append-only audit logs. Log entries include the actor, the action, the timestamp, and the full context at the time of execution.

Full traceability

Every workflow execution can be traced from trigger to completion. Individual decisions, tool calls, and cost events are linked together, making it possible to reconstruct exactly what happened and why.

GDPR-ready architecture

The platform is designed to support GDPR compliance obligations, including data subject access requests, right to erasure, and data portability. Customer data is logically separated to support these workflows.

05

Governance by design

The Thinklio policy engine is central to how the platform controls what agents are permitted to do.

Policy evaluation on every operation

Before any agent action is executed, the policy engine evaluates whether it is permitted given the agent's assigned role, the current context, and any active constraints. Actions that fail policy evaluation are blocked and logged.

Trust levels

Agents and users are assigned trust levels that determine what categories of operations they may perform. Trust escalation requires explicit approval and is recorded in the audit log.

Budget enforcement

Every agent is assigned a cost budget. The platform tracks token usage, API call costs, and other resource consumption in real time. When a budget threshold is reached, the platform circuit-breaks execution before costs escalate further.

Responsible disclosure

If you discover a security vulnerability in Thinklio, we encourage you to report it to us promptly and responsibly. We will investigate all credible reports and work to resolve confirmed issues as quickly as possible.

Please do not publicly disclose the issue until we have had a reasonable opportunity to address it. We appreciate responsible researchers and will acknowledge valid disclosures.

Security: security@thinklio.com · General: hello@thinklio.com