Security

Last Updated: January 23, 2026

Enterprise-Grade Security by Design

BlazeXL is built with a "Security-First" mindset. Our architecture is designed to handle sensitive financial, engineering, and enterprise data with the highest levels of protection across all ingestion methods—Excel, local files, and clipboard.

1. Python Execution & Sandboxing

Every Python script executed via BlazeXL (including code generated by our AI Analyst) runs in a uniquely provisioned, hardware-isolated sandbox. This ensures that your analysis is "grounded" in verified Python execution rather than unpredictable AI model outputs.

  • No Persistence: Sandboxes are ephemeral by design and are purged to avoid any residual data or state.
  • Limited Networking: Network access within the sandbox is restricted to essential services and user-defined allow-lists.
  • Resource Limits: Strict CPU and memory limits prevent denial-of-service scenarios and ensure stable execution for all users.

2. AI Analyst & Transient Context

When using the AI Analyst, we prioritize data privacy through a "transient context" model.

  • Minimized Exposure: The AI only sees the schema (headers) and a small, representative slice of your data needed to generate the appropriate Python code.
  • Purged Context: Once the code is generated, this transient context is immediately purged from our systems.
  • Local Execution: The actual data processing happens within your isolated sandbox, not within the AI model itself.

3. Encryption

We use industry-standard encryption for data both in transit and at rest across all platforms (Windows, Mac, and Web).

  • In Transit: All data moving between your client (Add-in or Web App) and our Gateway is encrypted using TLS 1.3.
  • At Rest: While we aim for zero-storage of user data, any temporary metadata or session state is encrypted using AES-256.

4. Authentication & Authorization

BlazeXL integrates with world-class identity providers to ensure your account and shared Modules are protected.

  • MFA Support: Multi-Factor Authentication is supported and highly recommended for all users.
  • Managed API Keys: Every request to the BlazeXL Gateway is authenticated via secure session tokens or managed API keys.
  • Module Security: Access to team-shared or private Python Modules is controlled via granular Role-Based Access (RBAC).

5. Audit Logging & Compliance

For enterprise compliance, BlazeXL maintains comprehensive audit logs of system activity.

  • Execution Tracking: We track who ran what code and when, providing a full audit trail of analysis activity without storing the actual data processed.
  • SOC 2 & GDPR: We are actively working towards SOC 2 Type II certification and maintain strict adherence to GDPR and CCPA requirements.

6. Infrastructure

Our services are hosted on leading cloud providers (AWS/GCP) within secure, VPC-isolated environments. We utilize managed services with proven security track records to minimize our attack surface and ensure 99.9% availability for critical workloads.

7. Vulnerability Management

We perform regular automated security scans and manual penetration testing. If you believe you've found a security vulnerability in BlazeXL, please contact us at [email protected].