Security architecture for production teams.

Octomil is built around data minimization and scoped control-plane access. This page covers the security architecture, access controls, and review posture behind the platform.

What stays on-device, what is shared

Stays on-device

  • Raw user data (text, images, sensor readings, biometrics)
  • Inference inputs and outputs
  • Feature extraction and embedding results
  • Local model adaptations and personalization data

Transmitted to control plane

  • Device health signals: battery, connectivity, completion status
  • Telemetry: latency, model quality, and rollout progress
  • Model artifacts and deployment state (encrypted in transit)

Designed to avoid centralizing raw end-user content.

Identity and access control

User authentication

Passkeys and OAuth are available today. Enterprise can add SSO (SAML 2.0) and SCIM directory sync. All sessions are scoped to a single organization.

Device authentication

Devices authenticate with a short-lived bootstrap token issued by your backend. It is exchanged server-side for device credentials so long-lived secrets do not need to ship with the client.

Token rotation and revocation are handled through the control plane API or dashboard.

API authentication

Backend API keys remain server-side only. Keys are org-scoped with configurable permissions. Key rotation and revocation are supported without downtime.

Least privilege by default

Role-based access control

Three roles with escalating permissions: Member, Admin, and Owner. Admin roles require explicit provisioning.

Tenant isolation

Models, devices, deployments, device groups, and related resources are scoped to the owning organization. Cross-tenant reads and writes are denied at the API layer.

Actor-attributed logging for every action

Audit trail

Identity lifecycle events, policy changes, rollout promotions, model approvals, device revocations, and SCIM sync operations are logged with actor attribution and timestamps. Enterprise can export audit logs for review.

Operational telemetry

Fleet health, rollout progress, model quality signals, and system status are available in the monitoring dashboard. Public status is available at status.octomil.com.

Security and compliance signals

SOC 2 Type II In progress

We are building and documenting controls with SOC 2 review in mind. Formal audit timing can be discussed during evaluation.

HIPAA Reviewable

Data minimization can make Octomil a fit for healthcare and other privacy-sensitive deployments. Contact us if you need to review a BAA path.

GDPR By architecture

On-device execution and data minimization can reduce the amount of personal data processed centrally. Final obligations still depend on your implementation.

Infrastructure and deployment options

Cloud deployment (default)

Octomil runs on managed cloud infrastructure with isolated compute, health monitoring, and encrypted transit and storage.

VPC deployment (Enterprise)

Run Octomil in your own cloud account within your network boundaries. This keeps deployment under your existing security controls and review process.

Available on Enterprise tier. Contact [email protected] to discuss.

Operational targets

99.95% API availability target (30-day window)
< 500ms API latency p99 target (30-day window)
≤ 60 min Recovery time objective (RTO) for core control plane
30 min Maximum update interval for high-impact incidents

Enterprise contracts can include uptime and support commitments. Planned maintenance is announced in advance. Live status is published at status.octomil.com.

Full security documentation

For deeper technical detail on security architecture, device tokens, and operational targets, see the documentation.

HIPAA deployment path Security architecture guide Device token lifecycle Operational SLOs

We're happy to discuss your requirements.

If you need to evaluate Octomil for a regulated environment or complete a security review, reach out to our team.

Contact our team Start sandbox