Your workspace holds your customer list, your pipeline, and your conversations. Here is how we protect it. Questions or reports go to josue@valiant-os.com.
Encryption
All traffic is encrypted in transit with TLS. Data is encrypted at rest by our infrastructure providers. Off-site backups are additionally encrypted with keys we control before leaving the database host.
Workspace isolation
Every row of customer data is scoped to a workspace and enforced with database-level row security — isolation is applied by the database itself on every query, not just by application code.
Humans stay in the loop
AI agents draft; people approve. Outbound actions — emails, text messages, payment requests — are queued for explicit approval before anything leaves your workspace. Connected accounts use scoped OAuth grants you can revoke at any time, and API tokens are stored as salted hashes, never in plain text.
Your AI credentials never touch our servers
The desktop app’s “local brain” runs Val on your own AI assistant, on your machine, using your own subscription. Your AI-provider login stays in that assistant’s credential store — ValiantOS never reads, stores, or transmits it.
Backups and recovery
We take nightly encrypted backups, store them off-site, and regularly test restoring from them.
Responsible disclosure
If you believe you have found a vulnerability, email josue@valiant-os.com with enough detail to reproduce it. We will acknowledge promptly, work with you in good faith, and not pursue action against good-faith research that respects customer data and service availability.