Security & Compliance — Tokyo Brain

Security is foundational to Tokyo Brain. When you trust us with your AI agents' memories, we take that responsibility seriously. Here's a technical overview of how we protect your data.

🔐

AES-256-GCM

Envelope encryption at rest with dedicated key hierarchy

🌐

TLS 1.3

All data in transit encrypted with latest TLS standard

🏯

AWS Tokyo

Infrastructure in ap-northeast-1 within private VPC

🔑

Multi-layer Auth

JWT + API key + Agent auth with rotate/revoke support

1. Encryption

At Rest

All stored data is encrypted using AES-256-GCM with an envelope encryption architecture:

Key Encryption Key (KEK): Master key managed via AWS KMS, never leaves the HSM boundary
Data Encryption Key (DEK): Unique per-tenant keys encrypted by the KEK
Rotation: KEK rotated annually; DEK rotated on demand or upon key compromise

In Transit

TLS 1.3 enforced for all API communications — TLS 1.2 and below are rejected
mTLS (mutual TLS) available for agent-to-agent authentication flows
Certificate pinning recommended for production agent deployments

2. Infrastructure

Component	Detail
Region	AWS Tokyo (`ap-northeast-1`)
Network	Private VPC with no public database access
CDN / DNS	Cloudflare with DDoS protection
Database	Private subnets only, no internet-facing endpoints
Secrets	AWS Secrets Manager with automatic rotation

3. Authentication & Authorization

Tokyo Brain supports multiple authentication layers to fit different integration patterns:

API Key Authentication

Standard API keys for server-to-server communication. Keys can be rotated and revoked instantly through the dashboard or API.

JWT Tokens

Short-lived JSON Web Tokens for session-based access with configurable expiration.

Agent Authentication

Dedicated agent keys (prefixed nx_live_) designed for AI agent integrations:

Per-agent key isolation
Instant rotate and revoke capabilities
Scope-limited permissions per key
mTLS support for zero-trust agent deployments

4. Data Isolation

Strict multi-tenancy ensures your data is completely isolated:

Per-tenant namespace: Each account operates in an isolated namespace with unique encryption keys
Collection-level separation: Within your namespace, data is further isolated by collection with independent access controls
Query isolation: Cross-tenant queries are architecturally impossible — not just restricted by policy

5. Memory Sanitization

AI memory data presents unique security challenges. We implement multiple defense layers:

Prompt injection detection: Incoming memory data is scanned for known prompt injection patterns before storage
Zero-width character filtering: Unicode zero-width characters and other steganographic vectors are stripped to prevent hidden instruction injection
Content validation: Structural validation ensures stored memories conform to expected schemas
Retrieval sanitization: Output encoding applied on recall to prevent injection during agent consumption

6. Backup & Recovery

Backup Type	Frequency	Retention
Automated snapshots	Daily	8-day rolling window
Permanent archives	Monthly	Indefinite (S3 Glacier)
Storage	Amazon S3 with server-side encryption (SSE-S3)

Recovery procedures are tested quarterly. Target RPO is < 24 hours, target RTO is < 4 hours.

7. Compliance Roadmap

Standard	Status
GDPR (Articles 15–17)	Supported — Access, export, and delete APIs available
CCPA	Supported — Full data access and deletion rights
SOC 2 Type II	Planned 2027
ISO 27001	Under evaluation

8. Responsible Disclosure

We welcome responsible security research. If you discover a vulnerability:

🛡️ Report security issues to security@tokyobrain.ai

We will acknowledge receipt within 24 hours
We will provide an initial assessment within 72 hours
We will not take legal action against good-faith security researchers
We will credit researchers (with permission) in our security advisories

Please allow us reasonable time to address issues before public disclosure.

9. Questions

For security-related inquiries not covered here:

📧 security@tokyobrain.ai