Security & privacy

Four privacy modes. You pick the tradeoff.

tableArth.ai is built for B2B software that ships to customers of every privacy posture — from cloud-native to fully local. Set the mode per customer, per workspace, or per data table.

Most capable

Full AI

Rich answers with chart and insight. LLM sees the full table.

Capability
Privacy

Masked data

Text values tokenized before the LLM. Original values restored in output.

CapabilityPrivacy
Hybrid

Stats only

AI sees column statistics. Full table rendered locally — rows never exposed.

CapabilityPrivacy
Most private

Local template

Pure server-side rendering. Zero external API calls.

Privacy

Plus API key + origin guard — every widget locked to your domain.

Answer modes

Flexible for every use case.

Same engine, four operating profiles. Configure per customer, per table, or per plan tier.

Full AI

Complete AI answer with formatted markdown, bullet insights, data summary, and auto-selected chart.

LLM + full data

Masked data

Text values tokenized before the LLM. AI answers with masked data; original values restored in the output your users see.

LLM + tokens only

Stats only (Hybrid)

AI generates narrative from column statistics. Full data table rendered locally — rows never exposed to the model.

LLM + aggregates

Local template

Pure server-side rendering with deterministic templates. Zero external AI calls. Maximum data privacy and infrastructure control.

No LLM calls

Origin guard

Every API key is bound to your domains. Requests from any other origin are rejected at the edge.

Locked to your domain

Audit & access

Every prompt, query, and answer logged. Role-based access. SSO and SCIM on enterprise plans.

SSO · SCIM · Audit log
In practice

Set the policy. Inherit it everywhere.

You configure the mode at workspace level. The widget, the API, and the Chrome extension all inherit the same policy — your customers never see a less-strict surface by accident.

  • Per-customer overrides for regulated tenants
  • Per-table overrides for PII-heavy datasets
  • BYO LLM key on enterprise — route through your own provider
  • SOC 2 Type II in flight
policy.yamlworkspace · acme
defaults:
  mode: full_ai
  log_queries: true
  byo_llm: false

overrides:
  # EU enterprise tenants stay masked.
  - match:    customer.region == "EU"
    mode:     masked

  # PII tables never leave our infra.
  - match:    table.tags.contains("pii")
    mode:     local_template
FAQ

Privacy & security questions.

What are the four privacy modes?

Full AI (the model sees the full table for the richest answers), Masked data (text values are tokenized before the LLM and restored in the output), Hybrid / stats only (the model sees only column statistics while the full table renders locally), and Local template (pure server-side rendering with zero external AI calls). You pick the trade-off between capability and privacy.

Can I set a different privacy mode per customer or table?

Yes. You set a default at the workspace level and override it per customer, per table, or per plan tier — for example, masked mode for EU enterprise tenants and local template for PII-heavy tables. The widget, REST API, and Chrome extension all inherit the same policy, so no surface is less strict by accident.

Do you train on our data?

No. tableArth.ai does not train models on your data. In Local template mode no data leaves your infrastructure at all, and in Hybrid mode only column statistics — never raw rows — are sent to the model.

How do you stop a widget being used from another site?

Every API key is bound to your domains by the origin guard. Requests from any other origin are rejected at the edge, so a leaked key can't be used to query your data from an unauthorized site.

Can we route AI calls through our own LLM provider?

Yes — bring-your-own-LLM is available on enterprise plans, so AI calls route through your own provider and key. Enterprise plans also add SSO, SCIM, role-based access, and audit logging of every prompt, query, and answer.

Are you SOC 2 compliant?

SOC 2 Type II is in progress. For the current status and to review our controls, book a security review and we'll walk through the specifics for your rollout.

Talk to us

Want to see the modes live?

We’ll walk through the exact policy you’d set for your customer base.