Zero Data Movement

Vigilos is built on a fundamental principle: your data never leaves your infrastructure. Unlike traditional BI tools that copy data into their own warehouses, Vigilos queries your database directly and returns only the result set for visualization. This means:
  • No data warehousing or ETL pipelines
  • No stale or cached copies of your data
  • No data residency concerns - your data stays where it is
  • Full control over your data lifecycle
The only data Vigilos stores is metadata: connection configurations (encrypted), semantic model definitions, saved insight queries, and dashboard layouts. Your actual business data is never persisted by Vigilos.

Credential Encryption

All sensitive credentials are encrypted with AES-256 before being written to the database. This applies to:
Credential Type | Examples
Database connections | Hostname, username, password, SSL certificates
AI provider keys | Anthropic API keys, OpenAI API keys, AWS access keys
Integration tokens | Slack bot tokens, OAuth access tokens
Credentials are encrypted immediately upon submission. Plaintext values are never stored at rest, and they are only decrypted at the moment they are needed to make an outbound connection.
Even Vigilos platform administrators cannot view plaintext credentials. There is no admin interface or backdoor for reading stored secrets.

Multi-Tenant Isolation

Vigilos enforces strict organization-level isolation using multiple layers:

Database-Level Security Policies

Every table in the Vigilos platform database has security policies that automatically filter rows to the authenticated user’s organization. These policies are enforced at the database level and cannot be bypassed by application code. Every query - whether from the API, background jobs, or internal services - passes through the same security checks.

Organization Membership Verification

In addition to database-level policies, every API request verifies that the authenticated user is a member of the organization that owns the requested resource. This two-layer approach ensures that:
  • Users can only access resources belonging to their organization
  • Cross-organization data access is impossible, even in the event of application-level bugs
  • Resource isolation applies to all entity types: connections, semantic models, insights, dashboards, automations, and integrations

Authentication

Vigilos provides secure identity management with the following capabilities:
Feature | Details
Email/password | Standard email and password authentication with secure password hashing
Email verification | New accounts must verify their email address via a secure token link
Password reset | Forgot-password flow with time-limited reset tokens that expire after use
Session management | Secure token-based sessions with automatic refresh

Authorization Model

Vigilos implements a layered authorization system that combines role-based access control with resource-level permissions.

Role-Based Access Control

Every organization member is assigned one of four roles, each with increasing permissions:
Role | Scope
Viewer | Read-only access to shared dashboards and insights
Member | Create and manage their own dashboards, insights, and reports
Admin | Manage connections, semantic models, team members, integrations, and automations
Owner | Full organizational control including settings and deletion
See Team Management for the full permissions table.

Resource-Level Permissions

Individual resources (insights, dashboards, reports) are private by default. Only the creator can view and edit a resource unless they explicitly share it. Sharing is managed through the resource sharing system:
  • Share with specific organization members
  • Share with the entire organization
  • Assign read-only or edit access per share
Admin and owner roles do not automatically grant access to private resources created by other members. Access must be explicitly granted through sharing.
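
The membership check from Organization Membership Verification combined with the role and sharing rules above, as an added example that is not Vigilos code. `Role`, `Resource`, `effective_access` and the sample users are hypothetical, and capping a Viewer's edit share at read-only is an assumption.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, Optional, Tuple

class Role(IntEnum):  # the four roles, in the page's order
    VIEWER = 1
    MEMBER = 2
    ADMIN = 3
    OWNER = 4

@dataclass
class Resource:  # hypothetical model of an insight, dashboard or report
    org_id: str
    creator_id: str
    org_wide: Optional[str] = None  # "read" or "edit" when shared with the whole org
    shares: Dict[str, str] = field(default_factory=dict)  # user_id -> "read" | "edit"

def effective_access(user_id: str,
                     memberships: Dict[Tuple[str, str], Role],
                     res: Resource) -> Optional[str]:
    """Return "edit", "read" or None (deny) for user_id on res."""
    # Layer 1: the caller must belong to the organization that owns the resource.
    # A share row naming an outsider or a removed member grants nothing.
    role = memberships.get((user_id, res.org_id))
    if role is None:
        return None
    # Layer 2: private by default. Only the creator or an explicit share grants
    # access; ADMIN and OWNER are deliberately not consulted here.
    if user_id == res.creator_id:
        grant = "edit"
    else:
        grants = {res.shares.get(user_id), res.org_wide}
        grant = "edit" if "edit" in grants else "read" if "read" in grants else None
    # Assumption: the read-only Viewer role caps an edit share at read.
    if grant == "edit" and role is Role.VIEWER:
        grant = "read"
    return grant

# Constructed sample data, not taken from the page.
MEMBERSHIPS = {("alice", "org1"): Role.MEMBER, ("bob", "org1"): Role.ADMIN,
               ("carol", "org1"): Role.VIEWER, ("dave", "org2"): Role.OWNER}
PRIVATE = Resource("org1", "alice")
SHARED = Resource("org1", "alice", org_wide="read",
                  shares={"carol": "edit", "dave": "edit"})

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave"):
        print(user, effective_access(user, MEMBERSHIPS, PRIVATE),
              effective_access(user, MEMBERSHIPS, SHARED))
```
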

Data in Transit

All connections between Vigilos components are encrypted with TLS/SSL:
  • Browser to Vigilos - HTTPS with TLS 1.2+ for all web traffic
  • Vigilos to your database - SSL/TLS connections supported (and recommended) for all database types
  • Vigilos to AI providers - HTTPS for all API requests to AI model providers
  • Vigilos to integrations - HTTPS for all communication with Slack and other third-party services

Infrastructure

Vigilos is hosted on secure cloud infrastructure with:
  • Encrypted storage volumes
  • Network isolation between tenants
  • Regular security updates and patching
  • Automated backups of platform metadata

GDPR Compliance

Vigilos’s architecture naturally aligns with GDPR principles:
  • Data minimization - Vigilos does not store your business data, only the metadata needed to operate the platform
  • Right to erasure - Users can request full account deletion, which removes all associated metadata, credentials, and organization data
  • Data portability - Semantic model definitions and dashboard configurations can be exported
  • Lawful basis - Data processing is limited to what is necessary to provide the service
  • No third-party data sharing - Your query results are delivered only to you and your authorized team members