Security
Security is at the core of everything we do. Learn about our comprehensive approach to protecting your data and ensuring platform integrity.
Last updated: August 16, 2025
Keeping your business data and AI automation workflows secure is important to us. This page outlines how we approach security for Siden.
Please submit potential vulnerabilities to security@siden.ai.
For any security-related questions, feel free to contact us at security@siden.ai.
While we have several large organizations already trusting Siden, please note that we are still on the journey of growing our product and improving our security posture. If you're working in a highly sensitive environment, you should be careful when using Siden (or any other AI tool). We hope this page gives insight into our progress and helps you make a proper risk assessment.
Certifications and Third-Party Assessments
Siden is working towards SOC 2 Type II certification. Please contact security@siden.ai for updates on our certification timeline.
We commit to doing at-least-annual penetration testing by reputable third parties. Please contact security@siden.ai to request an executive summary of the latest report.
Infrastructure Security
We depend on the following subprocessors, roughly organized from most critical to least. Note that business data is sent to our servers to power all of Siden's AI features (see the AI Requests section).
AWS - Sees and stores business data
Our infrastructure is primarily hosted on AWS. All of our servers are in the US.
Cloudflare - Sees business data
We use Cloudflare as a reverse proxy in front of parts of our API and website in order to improve performance and security.
Anthropic - Sees business data
We rely on Anthropic's models to provide AI responses. We have a zero data retention agreement with Anthropic.
Supabase - Stores business data
We use Supabase for database services. User data and business information are stored with Supabase on servers in the US.
Stripe - Sees no business data
We use Stripe to handle billing. Stripe will store your personal data (name, credit card, address).
WorkOS - Sees no business data
We use WorkOS to handle authentication. WorkOS may store some personal data (name, email address).
None of our infrastructure is in China. We do not directly use any Chinese company as a subprocessor, and to our knowledge none of our subprocessors do either.
We assign infrastructure access to team members on a least-privilege basis. We enforce multi-factor authentication for AWS. We restrict access to resources using both network-level controls and secrets.
AI Requests
To provide its features, Siden makes AI requests to our server. This happens for many different reasons. For example, we send AI requests when you ask questions in chat, we send AI requests when agents perform automated tasks, and we may also send AI requests in the background for building up context or analyzing workflows.
An AI request generally includes context such as your business data, conversation history, and relevant pieces of information from connected integrations. This data is sent to our infrastructure on AWS, and then to the appropriate language model inference provider (Anthropic). Note that the requests always hit our infrastructure on AWS even if you have configured your own API key for Anthropic in the settings.
We currently do not have the ability to direct-route from the Siden app to your enterprise deployment of Anthropic/Azure/OpenAI, as our prompt-building happens on our server, and our custom integrations are critical in providing a good user experience. We do not yet have a self-hosted server deployment option.
Data Security
We employ industry-standard measures to protect your data, including:
- Encryption in transit (TLS 1.3) via Cloudflare and AWS
- Encryption at rest (AES-256) via AWS and Supabase
- Secure cloud infrastructure (AWS and Supabase in U.S. data centers)
- Multi-factor authentication for infrastructure access
- Network-level controls and least-privilege access
Data Retention & Transfers
Retention: We retain business data for as long as your account is active plus 24 months of inactivity, unless law requires otherwise.
Transfers: All data is stored and processed in the U.S. We do not transfer data internationally.
Account Deletion
You can delete your account at any time in Settings (click "Delete Account"). This will delete all data associated with your account, including any business data and automation workflows. We guarantee complete removal of your data within 30 days (we immediately delete the data, but some of our databases and cloud storage have backups of no more than 30 days).
It's worth noting that if any of your data was used in model training, our existing trained models will not be immediately retrained. However, any future models that are trained will not be trained on your data, since that data will have been deleted.
Vulnerability Disclosures
If you believe you have found a vulnerability in Siden, please reach us at security@siden.ai.
We commit to acknowledging vulnerability reports within 5 business days, and addressing them as soon as we are able to. We will publish the results in the form of security advisories. Critical incidents will be communicated via email to all users.