Security, Privacy & Your Data

    Your startup data stays yours. Here's how NotSolo protects it.


    Where Your Data Lives

    All data — tasks, chat messages, cycle history, agent outputs, metrics — is stored in a PostgreSQL database. Your data is never shared with other customers or used to train models.


    Company Isolation

    NotSolo uses a company-scoped multi-tenant architecture. Every table carries a company_id column, and PostgreSQL row-level security (RLS) policies enforce that users can only read or write rows belonging to their own company. Even if application code issued a query with no company filter, the database's policy layer returns only your company's rows and rejects writes that name another company.

    Every Query Is Scoped

    RLS policies run on every SELECT, INSERT, UPDATE, and DELETE. There's no "admin mode" that bypasses isolation for regular users.

    Team Members Share Company Data

    If you invite teammates, they see the same Kanban board, Squad Chat, and agent outputs. But they cannot see data from other companies.
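    The block below is an added illustration of the company_id row-level-security pattern this section describes; it is not NotSolo's own schema or code. It uses one tasks table in PostgreSQL, and the table, role and setting names (tasks, app_user, app.company_id) are assumptions for the example. It also shows the two checks that are easy to miss: the table owner and any BYPASSRLS or superuser role skip RLS unless the table is FORCEd and the application role is an ordinary one, and a request that never set its tenant should see nothing rather than everything.

```sql
-- Added illustration, not NotSolo's schema. Table, role and setting names
-- (tasks, app_user, app.company_id) are assumptions for this example.

CREATE TABLE tasks (
    id          bigserial PRIMARY KEY,
    company_id  uuid NOT NULL,
    title       text NOT NULL
);

-- Turn RLS on and force it even for the table owner, so no role that reaches
-- this table through normal queries gets an isolation-free "admin mode".
ALTER TABLE tasks ENABLE ROW LEVEL SECURITY;
ALTER TABLE tasks FORCE ROW LEVEL SECURITY;

-- The tenant comes from a per-transaction setting that the application
-- populates after authenticating the caller. NULLIF covers a setting that
-- exists but is empty; a missing or empty tenant compares as NULL and matches
-- no row, so an unscoped request sees nothing rather than everything.
CREATE POLICY company_isolation ON tasks
    FOR ALL
    USING      (company_id = NULLIF(current_setting('app.company_id', true), '')::uuid)
    WITH CHECK (company_id = NULLIF(current_setting('app.company_id', true), '')::uuid);

-- The application connects as a non-superuser role without BYPASSRLS.
-- PostgreSQL silently skips RLS for superusers and BYPASSRLS roles.
CREATE ROLE app_user NOLOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON tasks TO app_user;
GRANT USAGE ON SEQUENCE tasks_id_seq TO app_user;

-- Company A's transaction: scoped reads and writes succeed.
SET ROLE app_user;
BEGIN;
SELECT set_config('app.company_id', '11111111-1111-1111-1111-111111111111', true);
INSERT INTO tasks (company_id, title)
VALUES ('11111111-1111-1111-1111-111111111111', 'Ship onboarding flow');
-- No WHERE clause, yet only company A's rows come back.
SELECT id, company_id, title FROM tasks;
COMMIT;

-- Still company A: a write that names company B fails with
-- "new row violates row-level security policy for table "tasks"".
BEGIN;
SELECT set_config('app.company_id', '11111111-1111-1111-1111-111111111111', true);
INSERT INTO tasks (company_id, title)
VALUES ('22222222-2222-2222-2222-222222222222', 'Cross-tenant write attempt');
ROLLBACK;

-- With no tenant set in this transaction, the same SELECT returns zero rows.
BEGIN;
SELECT count(*) FROM tasks;
ROLLBACK;
RESET ROLE;
```

    Two practical notes. The third argument to set_config (is_local = true) confines the tenant to the current transaction; with a connection pooler, a session-wide setting would otherwise leak from one tenant's request to the next request that reuses the same connection. And RLS is evaluated inside the database, so it holds even when a bug in the application layer forgets a company filter, but it only protects the roles it applies to: keep superuser and table-owner credentials out of the application's connection string.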


    API Key Management

    Your API keys (for LLMs, email, Stripe, etc.) are stored encrypted using database-level vault encryption. Keys are:

    • Encrypted at rest — stored in the vault, not in plain text
    • Never logged — agent execution logs record actions and outcomes, never the keys used
    • Scoped to your company — only your agents can use your keys
    • Revocable anytime — delete a key from your settings and it's immediately removed

    What Agents Can and Cannot Do

    Agents Can

    • Read your company's tasks, configs, and cycle data
    • Create tasks and post to Squad Chat
    • Call external APIs using your keys
    • Write agent heartbeats and execution logs

    Agents Cannot

    • Access other companies' data
    • Read or export your raw API keys
    • Modify your account settings
    • Act without logging the action

    No Training on Your Data

    NotSolo does not use your data to train models — neither our own nor any third-party models. When your agents call an LLM, the request goes directly to the provider you chose (OpenAI, Anthropic, etc.) using your own API key. We don't intercept, store, or aggregate prompts or responses for training purposes.

    In short: Your data lives in your database, your keys are encrypted and scoped, every access is policy-enforced, and nothing is used for training. We built NotSolo the way we'd want our own startup data handled.