Authentication
Circuit supports authentication through external identity providers:
- Google: OAuth 2.0 / OpenID Connect
- Microsoft: OAuth 2.0 / OpenID Connect via Azure AD
Data isolation
Circuit isolates customer data at the infrastructure level. Each workspace’s data is stored separately, ensuring that one workspace’s documents are never co-mingled with another’s.
Encryption
| Layer | Method |
|---|---|
| In transit | TLS 1.2+ for all API and web traffic |
| At rest | AES-256 encryption for database storage and object storage (S3) |
| Document storage | Documents are stored in encrypted S3 buckets with server-side encryption |
Access control model
Circuit implements role-based access control at multiple levels:
Workspace level
- Primary owner: full control over the workspace
- Admin: can manage users, indexes, and agents
- Member: can access resources shared with them
Index level
- Owner: full control over the index and its documents
- Admin: can manage documents and settings
- Viewer: read-only access to the index contents
Agent level
- Owner: full control over the agent
- Admin: can modify agent configuration and sharing
- Viewer: can chat with the agent but cannot modify it
API key security
For embedded chat widgets and API integrations:
- API keys are agent-specific: each key is tied to a single agent
- Keys can be domain-restricted to only accept requests from specified web domains
- Rate limiting is enforced at 60 requests per minute per API key
- Keys can be revoked at any time from the agent settings
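The four key properties listed above, sketched as one server-side check. This is an added example, not Circuit's code: the record fields, the `check_request` name, the use of the `Origin` header for domain restriction and the sliding-window limiter are all assumptions.

```python
import time
from collections import defaultdict, deque
from urllib.parse import urlsplit

RATE_LIMIT = 60         # requests per minute per API key (figure from the page)
WINDOW_SECONDS = 60.0

# Constructed sample key records; the field names are hypothetical.
KEYS = {
    "key-A": {"agent": "agent-1", "domains": {"example.com"}, "revoked": False},
    "key-B": {"agent": "agent-2", "domains": set(), "revoked": True},
}
_hits = defaultdict(deque)   # key -> timestamps of accepted requests


def check_request(key, agent, origin, now=None, keys=KEYS):
    """Return (allowed, reason) for one request presenting an API key."""
    now = time.monotonic() if now is None else now
    rec = keys.get(key)
    if rec is None:
        return False, "unknown_key"
    if rec["revoked"]:                   # revocation takes effect immediately
        return False, "revoked"
    if rec["agent"] != agent:            # a key is tied to a single agent
        return False, "wrong_agent"
    if rec["domains"]:                   # empty set = no domain restriction
        try:
            host = (urlsplit(origin or "").hostname or "").lower()
        except ValueError:               # malformed Origin value
            host = ""
        if host not in rec["domains"]:   # exact host match, no suffix matching
            return False, "origin_not_allowed"
    window = _hits[key]
    while window and now - window[0] >= WINDOW_SECONDS:
        window.popleft()                 # drop hits older than the window
    if len(window) >= RATE_LIMIT:
        return False, "rate_limited"
    window.append(now)                   # only accepted requests are counted
    return True, "ok"
```

An `Origin` check of this kind constrains browsers only, since a non-browser client can send any `Origin` value. The key still needs to be handled as a credential and revoked if it is exposed.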
Infrastructure
- Cloud provider: AWS
- Compute: Containerized services running on Kubernetes
- Monitoring: Application performance monitoring and logging
- Backups: Regular automated database backups
For specific compliance questions (SOC 2, GDPR, HIPAA, etc.), contact the Circuit team directly.