Skip to content

Security FAQs

1. How are credentials stored and managed?

All credentials are stored and processed locally on your machine they never leave your work environment:

  • Credentials are encrypted and stored locally using your IDE's secure storage API

  • All connections are established directly from your machine through stdio, Streamable HTTP, or SSE. Learn More

2. What data does Datamates MCP Server collect?

We DO NOT collect any Actual Customer Data

We collect minimal Metadata necessary for full functionalities:

  • Usage Metadata
  • Configuration Metadata (tool registrations, guardrail settings)
  • For debugging, we might ask for logs, and check other telemetry data per VSCode guidelines for error reporting and usage metrics.
  • Users can choose to switch on Memory at a individual Datamate level. This would include a high level summary of metadata around tasks being executed in IDEs to be referenceable in future work as added context. The lifecycle of this can be controlled.

3. What is your security architecture?

Datamates uses a local-first architecture where the MCP server runs on your machine.

All data processing, credential management, and tool integrations happen locally. Our SaaS platform runs on AWS infrastructure within a private VPC, isolated from public internet. Only metadata and usage analytics are transmitted to our platform over TLS 1.3 encrypted connections.

4. What compliance certifications and infrastructure security do you maintain?

We maintain compliance with industry security standards:

  • SOC 2 Type II: Audited annually for security, availability, and confidentiality controls

  • Enterprise Security: Our infrastructure is hosted on AWS within a private VPC, with network isolation, security groups, and AWS IAM-based RBAC access controls. Only authorized developers can access production systems through AWS SSO with MFA enforcement for any debugging.

If you need us to do a security review with your IT / security teams, please contact us via chat or Slack.

5. Do you use my data to train your AI models?

At Altimate AI, our primary objective is allow our users to automate their Data related work using Datamates, locally within the confines of their system. We do not use any customer data to train any models. Any data processed by our service is not repurposed for model training or enhancement. Your data is -

NOT available to other customers. NOT available to Altimate AI for any model training or improvements. NOT used to improve any 3rd party products or services

6: How is the knowledge base secured?

Organization-specific knowledge bases uploaded to the SaaS UI are encrypted at rest and in transit via TLS.

The embedded Datamates MCP server locally hosts documents as Private Links which provides referenceable links that can only be authenticated through your specific IDE integration.

7. How does the PII Guardrails feature work?

Detected PII is automatically sanitized or blocked based on configured policies, preventing sensitive data exposure to any agentic interface like Github Copilot, Cursor, Cline, Windsurf, etc.

8. What's your stance on GDPR?

We do not store any actual customer data, we only store aggregate statistics and metadata. As a result, GDPR data deletion requests do not need to be propagated to us because we do not store such data. Our customers typically do not request or require DPAs. However, we're happy to provide a DPA or review a vendor DPA if your organization needs it.

🔒 Key Security Promise

Your Credentials Never Leave Your Machine

  • All credentials are encrypted and stored locally on your device

  • All connections are made from your machine

  • SOC 2 Type II certified with enterprise-grade security controls

  • Zero trust architecture with automatic PII detection and sanitization

If you need us to do a security review with your IT/security teams, please contact us via chat or Slack.