Trust & Security

Security isn’t a feature. It’s the foundation.

Thinkora is built so your most sensitive business data stays private, isolated and under your control — by design, not by promise.

Your credentials never leave your machine.

Most analytics tools ask you to hand over the keys to your database. Thinkora doesn’t. The desktop app keeps your connections local and acts as an execution proxy — the cloud asks a question, your device answers it. We never store, see, or copy your logins.

How we protect you

Six layers, one principle: your data is yours.

Credentials stay local

Your ERP, POS and booking-system logins are stored on your own machine — never uploaded to our cloud. The desktop app runs queries locally and returns only the results.

Encrypted everywhere

Data is encrypted in transit with TLS and at rest with AES-256. Secrets live in AWS Secrets Manager, never in code or logs.

Per-tenant isolation

Every organization gets its own isolated agent and data scope. One practice can never see another’s data — enforced at the identity layer.

Read-first by design

Thinkora reads to analyze. Any action that writes back to a connected system is staged as a proposal and waits for your explicit approval.

Hardened infrastructure

Built on AWS (DynamoDB, S3, ECS) in us-east-1 with least-privilege IAM roles, private networking and continuous monitoring.

Auditable by default

Every query and proposed change is logged and attributable to a user, so you always have a clear trail of what was asked and done.

Where your data lives

A question travels. Your data doesn’t.

01

On your device

Your credentials and database connections never leave the desktop app. It acts as a secure execution proxy.

02

Over a secure tunnel

The AI sends a query down an encrypted channel. Your device runs it locally against your data and returns only the answer.

03

In the cloud

Only the results needed to answer your question are processed — scoped to your organization and discarded when done.

Controls & compliance

The controls behind the promise.

We hold ourselves to the standards our customers — clinics handling sensitive patient and financial data — are held to. Security is reviewed continuously as the product evolves.

TLS 1.2+ for all data in transit
AES-256 encryption at rest
Authentication & SSO via Clerk
Least-privilege IAM access controls
GDPR-aligned data handling
Secrets stored in AWS Secrets Manager

Found a vulnerability?

We welcome responsible disclosure. If you believe you’ve found a security issue, please email us with the details and steps to reproduce. We’ll acknowledge your report promptly and keep you updated through the fix.

security@thinkora.ai

Want the security deep-dive?

Talk to us about your architecture, compliance needs and data residency — we’re happy to walk through the details.

Talk to our team