Security and privacy are foundational to how Duet is built. Here's how we keep your data safe at every layer of the stack.
Each Duet organization gets its own single-tenant cloud server — a dedicated, isolated sandbox infrastructure. Your data lives in a managed database hosted on multiple best-in-class cloud providers, where your data remains private. Your server’s file system, memory, and processes are fully isolated from every other user on the platform.
Duet’s infrastructure spans multiple best-in-class cloud providers. Your database and backend run on Convex, which is certified for SOC 2 Type II, ISO 9001, and GDPR compliance. Your agent’s sandbox runs on Deno Deploy, which is SOC 2 and ISO 27001 certified, using Firecracker microVMs (the same technology that powers AWS Lambda) for hardware-level isolation.
Only authenticated members of your organization. No one outside your organization can see or access your server, data, or conversations.
No. Duet routes AI requests through enterprise API tiers where your data is never used for model training. OpenAI’s API policy explicitly states that data sent through their API is not used to train or improve models. Anthropic’s commercial API terms similarly guarantee that inputs and outputs are not used for training. Google’s Vertex AI and Gemini API follow the same principle. These are contractual guarantees from each provider — your conversations, files, and agent interactions remain yours and are never fed back into any model’s training pipeline.
All data is encrypted at rest using AES-256 encryption and is hosted on AWS infrastructure that meets rigorous compliance standards (SOC 2 Type II, ISO 9001, GDPR, HIPAA, FedRAMP). Your agent sandbox uses layered isolation (V8 isolates, Linux namespaces, seccomp filters, and cgroups), ensuring that even at the infrastructure level, your server’s processes and data are walled off from other tenants.
Your conversations, files, agent memories, and server contents are your own. We do not monitor, read, or analyze your content. We do not sell, rent, or share your data with third parties. If you contact support and a specific issue requires us to look at logs or data, we will ask for your explicit permission first.
Yes, at every layer. All data in transit is encrypted using TLS (HTTPS) — every connection between your browser, the Duet servers, and third-party APIs is secured. All data at rest in Convex is encrypted using industry-standard AES-256 encryption. Your agent sandbox on Deno Deploy runs in an isolated Firecracker microVM, and secrets stored in the sandbox are replaced with secure placeholder tokens — real values are only injected at the network layer when connecting to approved destinations, so even malicious code running in your sandbox cannot read or leak stored credentials.
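A minimal sketch of the placeholder-substitution pattern described above, added here as an illustration and not Duet's or Deno Deploy's code. The vault layout, the `injectSecrets` and `sandboxView` names, the exact-host and HTTPS-only rules, and every value are assumptions constructed for the example.

```javascript
// Added illustration, not Duet's or Deno Deploy's code. All names and values are constructed.
// The real secret lives only at the egress layer, keyed by the placeholder the sandbox holds.
const vault = new Map([
  // placeholder -> real value and the hosts that value may be sent to (assumed layout)
  ["PLACEHOLDER_API_KEY_1", { value: "real-key-constructed", hosts: ["api.example.com"] }],
]);

// What code inside the sandbox sees when it reads its configuration: never the real value.
function sandboxView() {
  return { API_KEY: "PLACEHOLDER_API_KEY_1" };
}

// Runs at the network boundary, outside the sandbox. Returns { allowed, headers }.
// A request carrying a placeholder to an unapproved host, or over plain HTTP,
// is blocked rather than forwarded.
function injectSecrets(request, secrets = vault) {
  const url = new URL(request.url);
  const host = url.hostname; // already lowercased by the URL parser
  const headers = {};
  for (const [name, raw] of Object.entries(request.headers)) {
    let value = String(raw);
    for (const [placeholder, entry] of secrets) {
      if (!value.includes(placeholder)) continue;
      // Exact host match only: suffix or substring matching would let
      // "api.example.com.attacker.example" through.
      if (url.protocol !== "https:" || !entry.hosts.includes(host)) {
        return { allowed: false, headers: {} };
      }
      value = value.split(placeholder).join(entry.value);
    }
    headers[name] = value;
  }
  return { allowed: true, headers };
}

// Same sandbox-side request, two destinations.
const auth = { Authorization: `Bearer ${sandboxView().API_KEY}` };
const approved = injectSecrets({ url: "https://api.example.com/v1/items", headers: auth });
const blocked = injectSecrets({ url: "https://api.example.com.attacker.example/c", headers: auth });
console.log(approved.allowed, blocked.allowed);
```

Because substitution happens only after the destination check, dumping the sandbox's environment or files yields the placeholder, which is useless anywhere but the approved host.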
Yes. You can delete your Duet account at any time from your account settings. If your organization is deleted, the entire sandbox, all apps, sessions, and data associated with it are removed. You can also disconnect individual integrations at any time, which revokes access and removes stored credentials. For any data deletion requests, contact us at team@duet.so.
Have more questions about how we handle your data? Reach out at team@duet.so.