Point11

Security architecture overview

Enterprise security architecture for Point11's AI infrastructure platform, covering encryption, zero-trust, access controls, and AI-specific threat mitigations.

Point11 processes enterprise customer data across AI voice agents, chat agents, and MCP servers. This document describes the security architecture that protects that data at every layer of the platform.

Encryption

Data at Rest

All data at rest is encrypted using AES-256, the Advanced Encryption Standard with 256-bit keys. AES-256 is approved by NIST for protecting classified information up to the TOP SECRET level and is the standard across AWS, Google Cloud, and Azure managed storage services.

Point11 leverages cloud-provider key management services (AWS KMS, Google Cloud KMS, Azure Key Vault) for envelope encryption. Customer data encryption keys are themselves encrypted by a master key that is never exported from the hardware security module. Key rotation occurs automatically on a 365-day cycle, with the option for customer-managed keys (CMK) on enterprise plans.

Data in Transit

All network communication uses TLS 1.3, the latest version of the Transport Layer Security protocol. TLS 1.3 eliminates legacy cipher suites, reduces the handshake to a single round trip, and provides forward secrecy by default. Point11 enforces TLS 1.3 on all external endpoints and internal service-to-service communication. Legacy TLS versions (1.0, 1.1, 1.2) are disabled at the load balancer.

Certificate management is automated through AWS Certificate Manager and Let's Encrypt with ACME protocol automation, ensuring certificates are renewed before expiration.

Zero-Trust Architecture

Point11 operates on a zero-trust model: no network location, service, or user is inherently trusted. Every request is authenticated, authorized, and encrypted regardless of whether it originates from inside or outside the network perimeter.

Key principles of the implementation:

  • Identity-based access: Every service, user, and AI agent authenticates with short-lived tokens issued by the identity provider. There are no shared credentials or static API keys in production.
  • Microsegmentation: Services communicate over encrypted mutual TLS (mTLS) channels with per-service identity certificates. A compromised service cannot impersonate another.
  • Least privilege: Each service account and IAM role has the minimum permissions required for its function. Permissions are reviewed quarterly and pruned automatically if unused for 90 days.
  • Continuous verification: Session tokens expire after 15 minutes for machine-to-machine communication and 60 minutes for user sessions. Re-authentication is required after expiration.

Access Controls (RBAC)

Point11 implements role-based access control across the platform:

  • Organization Owner: Full administrative access including billing, user management, and data export.
  • Admin: Configuration of AI agents, MCP servers, and integrations. Cannot modify billing or delete the organization.
  • Developer: Deploy and test AI agents and MCP servers. Cannot access production customer data directly.
  • Viewer: Read-only access to dashboards, analytics, and conversation logs.

All role assignments are logged and auditable. Privilege escalation requires approval from an Organization Owner and triggers an alert to the security team.

Audit Logging

Every action on the platform is recorded in an immutable, append-only audit log:

  • User authentication events (login, logout, MFA challenge, failed attempts)
  • Configuration changes to AI agents, MCP servers, and integrations
  • Data access events including who accessed what data and when
  • API calls with request metadata, response status, and latency
  • AI agent conversation events including tool invocations and data retrievals

Audit logs are retained for 7 years, stored in a separate, access-restricted storage account, and are available for export in JSON and CSV formats for compliance audits. Logs are shipped to SIEM systems via native integrations with Splunk, Datadog, and AWS CloudTrail.

AI-Specific Security

Prompt Injection Protection

Prompt injection is ranked as the number one risk in the OWASP Top 10 for Large Language Model Applications (2025 edition). Point11 mitigates prompt injection through a layered defense:

  • Input sanitization: All user inputs and external data are sanitized before inclusion in LLM prompts. Known injection patterns are detected and blocked at the application layer.
  • System prompt isolation: System prompts are separated from user content using model-native delimiters and role boundaries. User-supplied content is never interpolated directly into system instructions.
  • Output validation: LLM outputs are validated against expected schemas before being passed to downstream tools or returned to users. Unexpected tool calls or data access patterns trigger automated review.
  • Canary tokens: Synthetic data markers are embedded in system prompts to detect extraction attempts. If a canary token appears in model output, the session is terminated and flagged.

Multi-Tenant Data Isolation

Point11 is a multi-tenant platform. Each customer's data is logically isolated at the database, storage, and compute layers:

  • Database isolation: Each tenant's data resides in a dedicated schema with row-level security policies enforced at the database engine level.
  • Compute isolation: AI agent workloads run in isolated containers with tenant-specific environment variables and network policies.
  • Model context isolation: Conversation context, embeddings, and vector stores are partitioned by tenant. No cross-tenant data leakage is possible through the AI model's context window.

Point11's voice provider, ElevenLabs, maintains SOC 2 Type II certification with zero exceptions and offers HIPAA Business Associate Agreements for healthcare deployments.

Sources

SOC 2 Type II compliance

Need help implementing this?

Our team can walk you through the setup.

Talk to Sales