Skip to content

Encryption

At rest

niil encrypts your sensitive data at rest with AES-256-GCM:

  • Chat content — messages, conversation titles and uploaded documents.
  • Connector credentials — the tokens/keys for external services you connect are encrypted with a separate key.
  • Knowledge base documents — encrypted under a per-base key. Whether stored in the database or in your operator's optional EU object storage, only ciphertext is written — so crypto-shred applies there too.

Encryption is always on; it isn't a setting you can forget to enable.

Per-conversation keys → true erasure

Each conversation is encrypted under its own content key, which is itself stored encrypted under the organization's master key. This design gives you crypto-shredding: deleting a conversation drops its key, making the stored ciphertext permanently unrecoverable — a genuine erasure, not just a hidden row. This is what powers GDPR erasure (see Data protection & GDPR).

In transit

All traffic runs over TLS (HTTPS), terminated at the ingress. Session cookies are HTTP-only and marked Secure behind HTTPS, so they're never exposed to scripts or sent over plain HTTP.

Key management

  • The at-rest keys are 32-byte keys supplied to the deployment as secrets (kept in your secrets manager, not in the database).
  • The chat-content key and the connector-credential key are distinct.
  • Because encryption is real, key custody matters: losing a key crypto-shreds the data it protects. Operators are guided to back up key material separately from the data it encrypts.

The result: even someone with raw access to niil's storage sees only ciphertext, not your conversations, documents or credentials.