Your data. Your AI keys. Your control.
Tepun is built for teams who can't hand their data to a black box. With Bring-Your-Own-Key, strong encryption, granular access control, and a signed desktop client, your data and prompts stay under your control — not ours.
Data Governance Mode (BYOK)
Run Tepun in Data Governance Mode with your own OpenAI, Anthropic, or Google AI key. Your prompts and data are sent directly to your chosen provider under your account — Tepun never proxies them through a shared model — so your AI usage and data trail stay in-house. Your API key is encrypted at rest with AES-256 and never logged or shared.
Encryption
All traffic is encrypted in transit with TLS 1.2+. Sensitive data at rest — including your AI keys and database credentials — is encrypted with AES-256. Secrets are never exposed in logs or to third parties.
Access Control
Role-based access control (RBAC) governs who can view, edit, and share datasets and reports. Enterprise Pro adds SSO / SAML (Okta, Azure AD, Google) and full audit logs with export.
Signed & Hardened Desktop App
The Tepun desktop app is code-signed with an OV certificate and hardened with Electron security fuses. Each release ships with an integrity hash so tampered or repackaged clients are detected and can be blocked from connecting.
Infrastructure
Tepun runs on Microsoft Azure in hardened, isolated containers with managed, encrypted databases and automated patching. Enterprise Pro supports private / VPC / on-premise deployment for full data residency control.
Data Handling
You own your data. We process it only to provide the service, never to train models. You can export or delete your data at any time.
Compliance & certifications
| Data encryption (in transit & at rest) | Live | TLS 1.2+, AES-256 |
| Role-based access control | Live | Included on Enterprise & Enterprise Pro |
| Signed desktop client + integrity checks | Live | OV code signing, Electron fuses, asar hash |
| SSO / SAML & audit log export | Enterprise Pro | Okta, Azure AD, Google |
We publish status honestly. If a control matters for your security review and isn't listed here, ask us — we'll tell you exactly where we stand.
Responsible disclosure
If you believe you've found a security vulnerability, please email security@tepun.com. We'll acknowledge your report, keep you updated on remediation, and credit you if you'd like. Please give us a reasonable window to fix issues before public disclosure.
Running a security review?
We'll walk your team through our architecture, data flows, and security controls, and answer your security questionnaire. Enterprise Pro includes SSO, audit logs, an SLA, and private deployment.
Talk to us about Enterprise Pro