Lia operates on private, secure, encrypted infrastructure. Vault-level security isn't a feature, it's a promise.
Lia runs on SOC 2 Type II certified infrastructure, independently audited, continuously verified.
Every credential, every token, every connection, encrypted before it touches storage.
Your Google OAuth tokens are encrypted with AES-256-GCM before storage. Every credential, every token, locked tight.
Sub-millisecond scan for known prompt injection patterns. Caught instantly.
ML-powered injection detection. Obfuscated attacks and novel patterns blocked before reaching the model.
Every outbound email scanned for leaks. If something looks wrong, it doesn't send.
Hard caps on actions to limit blast radius. Every limit hit is logged.
Every user gets their own isolated agent and memory. Your data never crosses into anyone else's.
Production-grade infrastructure with automated daily backups.
We use promptfoo to run adversarial attacks across 12 categories and 1,600+ test cases. Every release is tested before deploy.
Run /delete and everything goes. No soft-deletes, no retention windows. Gone means gone.
Your data is never used for training. We explicitly opt-out of all AI model training using customer data.
Minimum access, maximum function. Lia requests only the Google scopes needed (Gmail, Calendar). Nothing more.
Transparency over obscurity. If something breaks, Lia tells you. No vague error messages.
Deletion means deletion. When you leave, your data leaves with you.