SECURITY WHITEPAPER
Technical Whitepaper on Security and Privacy
DataChef is designed for enterprise-level technical due diligence. We explicitly embrace data retention as the foundation for high-context hospitality intelligence, while enforcing strict controls that protect that asset throughout its lifecycle.
Security Snapshot
Privacy by Design embedded in architecture decisions
Google Cloud + Firebase operational foundation
At Rest Encryption (AES-256) / In Transit Encryption (TLS 1.2+)
OAuth 2.0 / OpenID Connect with Principle of Least Privilege
Security Control Matrix
| Control Domain | Implementation | Assurance Lens |
|---|---|---|
| Encryption | All persisted data is encrypted with AES-256, and all network paths are protected with TLS 1.2+. | At Rest and In Transit encryption requirements are both enforced. |
| Identity & Access | Google OAuth 2.0 and OpenID Connect are integrated to avoid managing custom password vaults. | MFA-capable authentication strength and scope-level least privilege are maintained. |
| Multi-tenancy Isolation | Tenant data entities are logically isolated with enforced access boundaries. | Cross-tenant access is structurally blocked by design. |
| AI Processing Confidentiality | Closed API-based processing is used for Gemini and related models, with enterprise opt-out controls enabled. | Prompts and conversation data are never reused for external foundation-model training. |
| Data Sovereignty | Data ownership remains with each customer; lifecycle controls support governance and deletion requests. | Right-to-erasure workflows are technically executable. |
1. Design Principle (Privacy by Design)
To protect customer data as a professional intellectual asset, DataChef enforces Privacy by Design from initial architecture planning.
We reject the notion that usability and confidentiality must trade off. Our position is that both can and must coexist through disciplined systems architecture.
- Data classification and boundary definition at requirements stage
- Security impact review embedded in feature delivery flow
- Confidentiality enforced by architectural constraints, not operational luck
2. Infrastructure and Data Isolation
Our platform runs on Google Cloud Platform (GCP). Stored data is protected with AES-256 encryption, while all service traffic is secured with TLS 1.2 or higher.
Within our multi-tenant environment, each tenant's data entities are fully isolated at the logical layer, structurally preventing unauthorized access across tenants.
- Dual-layer encryption controls (At Rest and In Transit)
- Data model engineered around tenant boundary isolation
- Isolation guarantees preserved as workload scales
3. Access Control via Google's Identity Stack
We intentionally eliminate in-house username/password credential systems, a common attack surface, by integrating Google OAuth 2.0 and OpenID Connect.
This allows us to inherit Google's robust authentication posture, including MFA support. For Google Drive ingestion, access is constrained to explicitly authorized minimum scopes only.
- Principle of Least Privilege applied to OAuth scopes
- Authentication assurance delegated to hardened cloud identity controls
- Reduced risk surface by removing custom credential storage
4. Confidentiality in AI Model Processing
DataChef interacts with Gemini and related AI models through closed, API-mediated channels.
Prompts and talk history processed through this path are never reused to train external foundation models (enterprise opt-out applied). Customer-specific context and know-how remain contained within customer-dedicated boundaries.
- Training opt-out controls enforced by configuration and policy
- Data minimization applied when interfacing with model APIs
- Customer context remains siloed from external reuse paths
5. Data Lifecycle and Ownership
Accumulated conversation history is treated as a dynamic asset that enables high-context hospitality decisions over time.
Data sovereignty remains with the customer at all times. We technically support governance, retention control, and right-to-erasure execution under customer intent.
- Lifecycle controls cover retention, update, and deletion states
- Operational path for customer-directed deletion requests
- Asset continuity balanced with compliance-grade governance