[trafnar]

I suppose your company in theory could read all the incoming data? Could engineers at my company decrypt the data? Or are the keys not available to us?

I suppose its more about ensuring the data sitting around in the DB isn't exposed to random employees or hackers yeah?

[hexedpackets]

Our engine is self-hosted, so all of the data is kept local to your network and we can't read any of it. Concerns about data access and query latency are the two biggest reasons we decided to take the self-hosted approach.

Whether engineers can access the keys and decrypt data depends on your setup. The engine can use either AWS KMS or Vault for top-level key management, so if an engineer has full permissions over those then they could get the keys out. We can also host the keys in our infrastructure and sync them over to the engine if you're comfortable with that tradeoff.

[iLoveOncall]

Maybe read the post before commenting? They answer all your points in it.

The proxy layer is self-hosted, the UI can be self-hosted and the keys are your own AWS KMS keys.