Architecture Deep Dive

Privacy That's Architected. Not Just Promised.

We don't promise privacy—we engineer it. Your MyRagu runs in your cloud, with your keys. We couldn't access your data even if we wanted to.

Security Architecture

The Sovereignty Principles

Consumer AI stores your data on shared servers. Human assistants see everything. We took a different approach.

Your Cloud, Your Keys

MyRagu deploys into your personal AWS account. You own the infrastructure. You pay AWS directly. We're just the architects.

Zero Data Leakage

Your communications never touch our servers. We can't read your messages even if a government asked us to. By design.

You Control the Off Switch

Want to delete everything? You can. Instantly. We don't have a kill switch on your data—you do.

Technical Architecture

Defense in depth. Every layer designed for sovereignty.

Encryption at Rest

All data is encrypted with AES-256 via AWS KMS. You hold the master key (CMK).

  • Standard: AES-256-GCM
  • Key Management: AWS KMS (Customer Managed)
  • Scope: S3, Aurora, EBS Volumes
  • Rotation: Automatic (Annual)

Database Isolation

Row-Level Security (RLS) in PostgreSQL enforces tenant isolation inside the database engine itself, not in application code.

CREATE POLICY account_isolation ON documents
USING (account_id = current_setting('ragu.account_id')::uuid);
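
The policy above only isolates accounts once row-level security is enabled on the table and each request sets ragu.account_id. The following is an added example, not MyRagu's own code; the table layout, the app_user role and the UUIDs are assumptions.

```sql
-- Added example. Table layout, role name and UUIDs are constructed.
CREATE TABLE documents (
    id         bigserial PRIMARY KEY,
    account_id uuid NOT NULL,
    body       text NOT NULL
);

-- Constructed sample rows for two accounts, loaded before RLS is switched on.
INSERT INTO documents (account_id, body) VALUES
    ('11111111-1111-1111-1111-111111111111', 'account A note'),
    ('22222222-2222-2222-2222-222222222222', 'account B note');

-- A policy has no effect until RLS is enabled on the table. FORCE also applies
-- it to the table owner; superusers and BYPASSRLS roles are still exempt.
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents FORCE ROW LEVEL SECURITY;

-- The policy from the page. With no WITH CHECK clause, the USING expression
-- is also applied to new rows written by INSERT and UPDATE.
CREATE POLICY account_isolation ON documents
    USING (account_id = current_setting('ragu.account_id')::uuid);

-- Hypothetical unprivileged role the application connects as.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT ON documents TO app_user;
GRANT USAGE ON SEQUENCE documents_id_seq TO app_user;

-- One request for account A. Assumes the session may SET ROLE app_user.
BEGIN;
SET LOCAL ROLE app_user;
-- is_local = true limits the setting to this transaction, so a pooled
-- connection does not carry one account's id into the next request.
SELECT set_config('ragu.account_id',
                  '11111111-1111-1111-1111-111111111111', true);

-- No WHERE clause on account_id: the policy filters out account B's row.
SELECT id, body FROM documents;

-- The policy rejects a write on behalf of another account. The savepoint
-- lets the transaction continue after that error.
SAVEPOINT cross_account_write;
INSERT INTO documents (account_id, body)
VALUES ('22222222-2222-2222-2222-222222222222', 'forged row');
ROLLBACK TO SAVEPOINT cross_account_write;
COMMIT;
```

A session that never sets ragu.account_id gets an error from the policy expression instead of rows, so the check fails closed.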

Network Security

Your deployment lives in a private VPC. No public internet access for databases.

  • VPC: Private Subnets Only
  • Access: VPC Endpoints (PrivateLink)
  • WAF: AWS WAF (SQLi, XSS Protection)
  • Egress: Strict NAT Gateway Filtering

Threat Detection

Continuous monitoring of your environment for malicious activity.

  • Service: AWS GuardDuty
  • Scope: VPC Flow Logs, DNS Logs
  • Detection: Crypto-mining, Port Scanning
  • Response: Automated Lambda Triggers

Built for a Complex World

Compliance-ready for disclosures and consent.

AI that responds on your behalf raises valid questions about disclosure. We've built tools to handle this responsibly.

  • Call Recording Compliance: Configurable disclosures by jurisdiction.
  • AI Disclosure Options: "This is [Name]'s AI assistant" mode available.
  • Consent Management: Automated consent capture where required.
  • Audit Trail: Full logging of what the AI said and did.

// Disclosure Configuration
const compliance = {
  call_disclosure: true,
  message: "This call may be recorded",
  ai_identity: "assistant",
  audit_log: true
};

Privacy Comparison

| Factor | ChatGPT / Consumer AI | Human Assistant | MyRagu |
| Data Location | Their servers | Their memory & devices | Your AWS account ✓ |
| Encryption Keys | They hold them | N/A | You hold them ✓ |
| Can Provider Read Data? | Yes | Yes | No, by design ✓ |
| Data Used for Training? | Often yes | N/A | Never ✓ |
| Instant Delete Option | Request required | Impossible | One click ✓ |

"Better than a human assistant—an AI can't gossip, can't be bribed, and can't remember after you delete."

Ready to Own Your AI?

Apply for private access. Your data stays yours.