Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.circuit.ai/llms.txt

Use this file to discover all available pages before exploring further.

Circuit is designed for enterprise use with security built into every layer. This page covers the key security properties that IT teams need to evaluate and manage.

Authentication

Circuit supports authentication through external identity providers:
  • Google: OAuth 2.0 / OpenID Connect
  • Microsoft: OAuth 2.0 / OpenID Connect via Azure AD
Users authenticate through their existing corporate identity provider. Circuit does not store passwords. Authentication is delegated entirely to the identity provider. For SSO configuration details, see SSO setup.

Data isolation

Circuit isolates customer data at the infrastructure level. Each workspace’s data is stored separately, ensuring that one workspace’s documents are never co-mingled with another’s.

Encryption

LayerMethod
In transitTLS 1.2+ for all API and web traffic
At restAES-256 encryption for database storage and object storage (S3)
Document storageDocuments are stored in encrypted S3 buckets with server-side encryption

Access control model

Circuit implements role-based access control at multiple levels:
  • Primary owner: full control over the workspace
  • Admin: can manage users, indexes, and agents
  • Member: can access resources shared with them
  • Owner: full control over the index and its documents
  • Admin: can manage documents and settings
  • Viewer: read-only access to the index contents
  • Owner: full control over the agent
  • Admin: can modify agent configuration and sharing
  • Viewer: can chat with the agent but cannot modify it
Access is explicit. Users can only access indexes and agents that have been directly shared with them or with a group they belong to. Workspace admins have visibility into all resources.

API key security

For embedded chat widgets and API integrations:
  • API keys are agent-specific: each key is tied to a single agent
  • Keys can be domain-restricted to only accept requests from specified web domains
  • Rate limiting is enforced at 60 requests per minute per API key
  • Keys can be revoked at any time from the agent settings

Infrastructure

  • Cloud provider: AWS
  • Compute: Containerized services running on Kubernetes
  • Monitoring: Application performance monitoring and logging
  • Backups: Regular automated database backups
For specific compliance questions (SOC 2, GDPR, HIPAA, etc.), contact the Circuit team directly.