Tektoro EMS Logo
Sign In

Data Privacy and Security

How TekToro protects your data within the AI assistant, including tenant isolation, access controls, and audit trails.

TekToro's AI assistant is built with enterprise-grade data protection at every layer. This page explains how your data is protected when using AI features.

Tenant Isolation

Every organization's AI environment is completely isolated. Your data — projects, financials, clients, documents, and conversation history — is accessible only within your organization's environment.

This isolation is enforced at the database level. Even if a software bug occurred in the AI layer, the database itself prevents any cross-organization data access. This is the same security model that protects all data across the TekToro EMS platform.

Zero-Training Guarantee

TekToro does not use your data to train, fine-tune, or improve AI models — period. This includes:

  • Financial records and invoices
  • Client identities and contact information
  • Project data, timelines, and budgets
  • Uploaded documents and knowledge base content
  • Conversation history and AI interactions

Your data is used exclusively to answer your questions within your sessions. It is never aggregated with other organizations' data or fed into model training pipelines.

Role-Based Access Control

The AI assistant enforces the same role-based permissions that govern the rest of the EMS platform:

  • Full Seat users can query the AI about any data they have access to, manage the document knowledge base, and configure AI settings
  • Light Seat users can query the AI about data within their authorized scope — typically project execution, time tracking, and operational data
  • Client Seat users can query the AI about their designated project milestones, financial status, and shared documents

If a user asks the AI about data outside their permission scope, the AI will respond that the information is not available to their role. It will not reveal that the data exists elsewhere in the system.

Human-in-the-Loop Controls

All AI outputs are advisory. The AI assistant provides information, drafts, and recommendations — but never takes autonomous action:

  • No AI response triggers a financial transaction without explicit user authorization
  • No AI output modifies project data, task assignments, or system configuration automatically
  • Draft outputs (emails, change orders, reports) are presented for review before any action is taken

This ensures that humans remain in control of all business-critical decisions.

Audit Trails

Every AI interaction is logged for compliance and governance:

  • User identity — who initiated the conversation
  • Query content — what was asked
  • Data accessed — which records the AI retrieved to form its response
  • AI response — the full output delivered to the user
  • Timestamp — when the interaction occurred

These audit records support internal compliance reviews, regulatory requirements, and governance oversight. Administrators can review AI activity logs from the platform's administration panel.

Document Security

Documents uploaded to the knowledge base are protected with the same security controls as all data in the EMS:

  • Encrypted in transit using TLS 1.2+
  • Encrypted at rest using AES-256
  • Stored within your organization's isolated environment
  • Accessible only to users with appropriate permissions
  • Permanently deleted when removed from the knowledge base