Per-client isolation
Each client runs in its own isolated deployment with dedicated datastore credentials and a dedicated Notion workspace. One client cannot access another's data.

Saberra captures what your team decides and commits to, and organizes it into your own Notion workspace for human review. Here is exactly how we protect it.
Every architectural decision about your data comes back to one rule: your memory belongs to your organization, not to us.
Each client runs in its own isolated deployment with dedicated datastore credentials and a dedicated Notion workspace. One client cannot access another's data.
Saberra never publishes or approves changes to your canonical records. It proposes drafts. Your people decide what becomes trusted organizational truth.
Your content is used only to process your own requests. It is never used to train AI models, shared with other clients, or aggregated for any purpose.
Records can be marked Sensitive (flagged in output) or Restricted (excluded from AI retrieval entirely). An admin-only review surface sits outside the main workspace.
IP addresses are stripped from stored records and never surfaced. We capture what serves organizational memory, not more.
All service and datastore connections use TLS. Managed datastores are encrypted at rest. Secrets live only in the deployment environment, never in source code.
Every credential in the system is scoped, revocable, and designed so a single compromised token cannot cascade into a wider breach.
Constant-time token auth on the API, with request size limits and per-IP plus global rate limiting on all public endpoints.
Per-connection tokens for AI connectors Each integration token (e.g., Claude) is individually revocable and survives a master-secret rotation. No integration stores a shared master credential.
Hashed credentials Dashboard passwords are stored with scrypt and a per-user salt. Password changes and deactivations invalidate sessions immediately.
Scoped per-user Google connections. When a person connects their own Google account, the system is built so it can act only on that person's own account, never another's.
Per-tenant spend caps bound AI usage and contain any runaway or abusive activity.
The pipeline that protects your memory operates the same way the memory system itself does: nothing becomes trusted without review.
Every change passes a type-check gate, an end-to-end smoke suite, and a behavioral evaluation of the assistant run against a sandbox environment before release.
Deploys roll out in stages: sandbox to staging to production, each behind a health gate. Production is never released without passing the earlier gates.
Every service publishes a health endpoint reporting its running release, monitored continuously. Deploys are health-gated.
Saberra does not use any subprocessors beyond this list. Changes to the list are communicated to active customers before they take effect.
A Data Processing Agreement and current subprocessor list are available for customers who require them. Security questionnaires are welcome and turned around quickly. Reach us at security@saberra.com.