Security

Private in. Private out. Provable throughout.

Your data lives in a node you own. It leaves only through a firewall that discloses the minimum necessary — logged, yours to take back, and attack-tested before every release.

Collect

Data is protected the moment it enters your node.

Own

It lives in a database that belongs to you.

Share

It leaves only with permission you give — and can take back.

Verified by release-blocking privacy tests

Private collection

Protection is the default, not a setting

Most products bolt privacy on at share time — a checkbox you have to remember. TOPOS applies it at ingest: as data enters your node, the privacy layer writes a protected copy alongside the raw record — identifiers redacted, sensitive content tagged.

You always see raw. People you share with get the protected form, because it exists before anyone asks.

incoming recordprivacylayerYou see rawdinner w/ Maya, 7pm —call 555-0142 re: leaseOthers see protecteddinner w/ [person], 7pm —call [phone] re: lease

Records still awaiting processing can’t be shared — the layer fails closed.

Your node

A database you own, not an account you rent

No honeypot

Your data lives in your own database — on your device, your infra, or a hosted node. No pooled corpus to breach.

Consent at the edge

Connectors write only after you authorize them. Disconnect any source or app at any time.

AI without surrender

No training on your data. Run sensitive inference on local models, or bring your own keys.

Open-source engine

The code that stores, redacts, and discloses your data is open to inspection — and to self-hosting.

Private sharing

The Cognitive Firewall

Every request — from a person, an app, or an AI — passes four gates before anything leaves your node.

  1. Authorization

    No permission for this asker, this data, this kind of question? Refused before retrieval even runs.

  2. Disclosure

    Only the protected form, filtered — minimum necessary, never a data dump.

  3. Negotiation

    Too broad? The firewall counters: narrow the ask, get an answer.

  4. Minimizer

    A final pass that can only remove facts — a compromised model can’t add a leak.

Filters are decided server-side from the permissions you set — never by the asker’s app.

Full visibility

Watch every read. Watch every write. Stop sharing anytime.

Every connection to your node is logged and counted. Nothing touches your data silently.

  • Live dashboard. All-time and 24-hour counts for every kind of access.
  • Per-app accounting. Which app read or wrote what, under which account.
  • One click to stop. Any access you gave, you can cut — instantly.

Your node. Your ledger. Your call.

Top apps by write volume shown as a ranked bar chart
Top connectors.
TOPOS activity dashboard showing all-time and last-24-hour counts for third-party access, user access, routine access, MCP requests, connected apps, and connected users
Access activity across your node, all-time and last 24 hours.
Table of connected apps with per-app read and write counts and the signed-in account for each connection
Reads and writes, itemized per app and account.

Proof, not promises

We attack our own firewall before every release

Every privacy page makes claims. Ours are tested — a release ships only if it survives the full probe battery:

  • no permission
  • permission taken back
  • expired permission
  • out-of-bounds question
  • forged permissions
  • session hijack
  • prompt injection
  • planted canaries
0Unauthorized-Access Raterequired for every release
0Canary-Exfiltration Raterequired for every release

One leak blocks the release. Every release ships with a reproducible scorecard.

And when anything is uncertain, the firewall fails closed: no permission, no data.

Foundations

The groundwork underneath

Standards-based access

OAuth2 / OpenID Connect with UMA grants. No proprietary identity scheme.

Transport security

TLS on every connection between clients, sites, and APIs.

Third-party AI, minimized

Outside providers only for the feature you invoked — or point TOPOS at local models.

Content policy at the boundary

Sensitive-content tagging and exclusion on anything shared.

Uniform denials

Denials look the same whether the data exists or not.

No lock-in

Open engine, standard auth, a database you can move.

Private in. Private out. Provable throughout.

enter TOPOS →