Security & data governance

Your data. Your AI keys. Your control.

Tepun is built for teams who can't hand their data to a black box. With Bring-Your-Own-Key, strong encryption, granular access control, and a signed desktop client, your data and prompts stay under your control — not ours.

Data Governance Mode (BYOK)

Run Tepun in Data Governance Mode with your own OpenAI, Anthropic, or Google AI key. Your prompts and data are sent directly to your chosen provider under your account — Tepun never proxies them through a shared model — so your AI usage and data trail stay in-house. Your API key is encrypted at rest with AES-256 and never logged or shared.

Encryption

All traffic is encrypted in transit with TLS 1.2+. Sensitive data at rest — including your AI keys and database credentials — is encrypted with AES-256. Secrets are never exposed in logs or to third parties.

Access Control

Role-based access control (RBAC) governs who can view, edit, and share datasets and reports. Enterprise Pro adds SSO / SAML (Okta, Azure AD, Google) and full audit logs with export.

Signed & Hardened Desktop App

The Tepun desktop app is code-signed with an OV certificate and hardened with Electron security fuses. Each release ships with an integrity hash so tampered or repackaged clients are detected and can be blocked from connecting.

Infrastructure

Tepun runs on Microsoft Azure in hardened, isolated containers with managed, encrypted databases and automated patching. Enterprise Pro supports private / VPC / on-premise deployment for full data residency control.

Data Handling

You own your data. We process it only to provide the service, never to train models. You can export or delete your data at any time.

Compliance & certifications

Data encryption (in transit & at rest) Live TLS 1.2+, AES-256
Role-based access control Live Included on Enterprise & Enterprise Pro
Signed desktop client + integrity checks Live OV code signing, Electron fuses, asar hash
SSO / SAML & audit log export Enterprise Pro Okta, Azure AD, Google

We publish status honestly. If a control matters for your security review and isn't listed here, ask us — we'll tell you exactly where we stand.

Responsible disclosure

If you believe you've found a security vulnerability, please email security@tepun.com. We'll acknowledge your report, keep you updated on remediation, and credit you if you'd like. Please give us a reasonable window to fix issues before public disclosure.

Running a security review?

We'll walk your team through our architecture, data flows, and security controls, and answer your security questionnaire. Enterprise Pro includes SSO, audit logs, an SLA, and private deployment.

Talk to us about Enterprise Pro