conversion legal·public preview

Enterprise Security

This page helps security, privacy, and procurement teams evaluate Ethen for organizational use. It explains admin models, data boundaries, BYOK, connected services, approvals, and how to request deeper review—without unsupported certification or compliance claims.


Enterprise Security Overview

Ethen supports organizational model work across chat, coding, research, media, voice, and workflow surfaces. Enterprise adoption typically requires clarity on identity, admin control, data paths, provider routing, retention expectations, and approval processes for risky actions.

1. Enterprise security overview

Enterprises evaluating Ethen should map: who can access the workspace; where prompts and files go; which providers are used; how secrets are stored; how approvals work; and what logs exist for investigation. Upcube’s public security materials aim for accuracy over marketing intensity. If a control is configuration-dependent or provider-dependent, this page says so. A successful enterprise rollout pairs product controls with internal policy, training, and monitoring. Start with a pilot workspace, limited data classes, and a short list of approved model routes before broad enablement.

Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.

  • Map identity, data paths, providers, secrets, and approvals.
  • Prefer accurate boundaries over slogans.
  • Internal policy still required.
  • Pilot before broad enablement.

2. Workspace and admin model

Organizations should designate admins responsible for invites, roles, integrations, billing contacts, and security settings. Admin accounts deserve stronger authentication and tighter device hygiene. Separate production workspaces from experimental labs when possible. Limit who can enable high-risk automations or write-capable integrations. Document break-glass admin procedures for offboarding and incident response. Consider dual admin ownership so a single departure does not strand a workspace.

Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.

  • Designate and harden admin accounts.
  • Separate lab and production workspaces when possible.
  • Document break-glass procedures.
  • Avoid single-admin lockout risk.

3. Team access

Use least privilege. Grant members only the projects and tools they need. Review guest and contractor access on a schedule. SSO or organization identity features, where available, should be preferred over unmanaged personal accounts for corporate use. If SSO is not enabled in a given environment, compensate with stronger operational controls. Access reviews should include dormant accounts and unused integrations. Contractors should receive time-bounded access with clear data handling rules.

Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.

  • Least privilege for members and guests.
  • Prefer org identity controls where available.
  • Review dormant access regularly.
  • Time-bound contractor access.

4. Provider routing and BYOK

Enterprises often care deeply about which model providers process data. Ethen may support platform routes and BYOK routes depending on configuration. BYOK can align provider billing and account control with the enterprise’s existing vendor relationships, but provider-side logs and terms still apply. Security teams should maintain an allowlist of approved providers and routes. Document approved models for regulated teams versus general productivity teams. Re-review allowlists when providers change terms or regions.

Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.

  • Know which providers process which workloads.
  • BYOK does not erase provider-side risk.
  • Maintain route allowlists for sensitive teams.
  • Re-review when provider terms change.

5. Connected services

Source control, ticketing, storage, browser, and messaging integrations can create powerful automations and powerful failure modes. Require security review before enabling write scopes. Prefer staging connections before production. Monitor automation that can open PRs, send messages, or modify cloud resources. Revoke integrations that are unused or owned by departed staff. Store integration secrets in approved secret managers rather than chat history.

Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.

  • Write scopes need security review.
  • Stage integrations before production.
  • Revoke unused connections.
  • Secrets belong in secret managers.

6. Data boundaries

Classify data before it enters a model workspace. Highly regulated data may require specialized vendor processes, contractual terms, or route restrictions that public private-alpha environments may not satisfy. Public policies describe categories and boundaries; they do not automatically make Ethen appropriate for every regulated workload. When in doubt, escalate to legal, privacy, and security stakeholders. Local lanes may help some boundaries but introduce device and endpoint risk. Publish an internal data-class matrix for what may be pasted into prompts.

Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.

  • Classify data before use.
  • Not every regulated workload is automatically in scope.
  • Local lanes trade one risk profile for another.
  • Internal data-class rules help users.

7. Approvals and evidence

Enterprises should define which actions require dual control: production writes, external messages, credentialed browser actions, large-scale exports, or security remediations. Ethen approval and evidence features can support these processes when teams use them with real review standards. Evidence packages should be retained according to internal investigation needs and the Data Retention policy. Do not equate a product checkbox with regulatory sign-off. Train approvers to reject incomplete packets rather than approve under time pressure alone.

Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.

  • Define dual-control actions.
  • Use approvals with real review standards.
  • Product checkboxes ≠ regulatory sign-off.
  • Train approvers to reject incomplete packets.

8. Retention expectations

Enterprises should map retention needs for chat history, code artifacts, evidence, logs, and billing. Public retention guidance is category-based because exact periods depend on configuration, law, and providers. If a fixed retention schedule is required, negotiate it in a written agreement and confirm product support before relying on it. Backup and provider lags should be included in deletion runbooks. Align legal hold processes with who can freeze deletion in product and process.

Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.

  • Map retention by artifact type.
  • Fixed schedules need written confirmation.
  • Include backups and providers in runbooks.
  • Connect legal holds to deletion freezes.

9. Procurement review path

Typical procurement review includes security questionnaires, privacy review, architecture discussions, and commercial terms. Upcube can respond based on verified product behavior and published policies. Reviewers should avoid assuming unstated certifications. Request only artifacts that are necessary and that Upcube can truthfully provide. Contact published sales or enterprise channels to begin a structured review. Share your data classes and integration list early so answers match your intended use.

Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.

  • Questionnaires should map to verified controls.
  • Do not assume unstated certifications.
  • Use enterprise contact paths for structured review.
  • Share intended data classes early.

10. Security questionnaire guidance

When completing questionnaires, answer from current product reality: authentication options actually available, logging that actually exists, BYOK behavior as implemented, and subprocessors actually used. If a control is planned but not shipped, say so. If a control is customer-managed, say so. Over-claiming creates legal and trust risk for both parties. Attach public policy links where they accurately answer a question. Keep a change log of questionnaire answers as the product evolves.

Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.

  • Answer from current reality.
  • Label planned vs shipped controls.
  • Use public policies as supporting references.
  • Version questionnaire answers over time.

11. Enterprise agreement boundaries

Public policy pages are not a substitute for DPAs, security exhibits, BAAs, or custom liability terms. Those documents—if offered—are negotiated separately and may not be available for every plan or stage. Where an enterprise agreement conflicts with a public page for that customer’s covered services, the agreement controls to the extent of the conflict. Private alpha or preview environments may have additional honesty labels and limitations. Do not assume a marketing site implies contractual remedies.

Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.

  • Contracts carry commercial security commitments.
  • Agreements can supersede public pages for that customer.
  • Preview environments may have extra limits.
  • Marketing pages are not remedies clauses.

12. No unsupported compliance claims

This page does not claim SOC 2, ISO 27001, HIPAA, PCI, FedRAMP, or similar status. It does not claim continuous penetration testing, guaranteed encryption properties beyond standard transport security practices, or zero provider retention. If verified compliance artifacts are available for a given commercial motion, they will be shared intentionally—not implied by website prose. Enterprises should base go/no-go decisions on evidence, architecture fit, and contractual coverage. Ask for the artifact you need; do not infer it from tone.

Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.

  • No implied certification badges.
  • Artifacts are shared only when verified.
  • Decisions should be evidence-based.
  • Request artifacts explicitly.

13. Related policies and next steps

Use the Security Statement, Privacy Policy, Data Retention policy, BYOK Data Handling policy, Acceptable Use Policy, AI Use Policy, and Terms of Service as the core public pack. Voice-specific enterprise uses should also review Voice Consent and Voice Cloning policies. For next steps, contact Upcube enterprise or security channels published on the site. Internally, assign owners for identity, data classification, provider allowlists, and incident contacts before broad rollout.

Readers should treat this section as operational guidance for product use and evaluation. Where a control or retention behavior depends on plan, region, provider route, or admin configuration, confirm the live setting in product UI or a written enterprise agreement before relying on a specific outcome. Upcube updates public policy pages when material product posture changes, but customers remain responsible for their internal compliance programs.

  • Core public pack is linked across legal pages.
  • Voice policies matter for voice rollouts.
  • Enterprise contact starts deeper review.
  • Assign internal owners before rollout.

14. Rollout stages for enterprises

A staged enterprise rollout typically moves from policy reading and architecture mapping, to a limited pilot with non-sensitive data, to controlled expansion with approved routes and integrations, and only then to broader org enablement.

At each stage, measure: who has admin rights; which providers are used; whether approvals are actually reviewed; whether secrets appear in prompts; and whether offboarding works.

Procurement, security, privacy, and platform owners should share a single source of truth for approved configurations. Divergent shadow workspaces create unmanaged risk.

If the product stage is private alpha or preview for a surface, keep that surface out of production-critical regulated workflows until your risk committee accepts it.

  • Stage from pilot to broader enablement.
  • Measure admins, routes, approvals, and secrets hygiene.
  • Avoid unmanaged shadow workspaces.
  • Respect preview limitations for regulated work.

Enterprise evaluation posture

Enterprises should treat Ethen as a model workspace with configurable routes, permissions, and integrations. Security outcomes depend on both platform controls and customer operational discipline. Written agreements define commercial security commitments.

  • Configuration matters: Admin choices shape residual risk.
  • Provider paths matter: BYOK and model providers affect data location.
  • Contracts matter: Public pages are not negotiated security addenda.
  • Evidence over slogans: Prefer verified answers in questionnaires.

Policy status

Enterprise Security is public evaluation guidance, not a certification package.

  • Procurement-oriented: Helps structure reviews and questionnaires.
  • Conservative claims: Avoids unsupported compliance language.
  • Contract-aware: Points to written agreements for commitments.
  • Shared responsibility: Customer operations remain essential.

Not legal advice

These pages explain product and policy posture for Upcube / Ethen. They are not legal advice and do not replace counsel for your jurisdiction, industry, or use case.

Evidence and claim boundaries

This statement describes Ethen’s current posture without making unsupported certification or compliance claims. Configuration, provider selection, and enterprise agreements can change data paths and controls.

  • No certification claim: No SOC 2, ISO 27001, HIPAA, PCI, or penetration-test guarantee is claimed here.
  • Shared responsibility: Customers control members, keys, devices, and integrations.
  • Provider-dependent paths: Third-party providers apply their own security practices.
  • Continuous change: Controls evolve; public pages avoid frozen false guarantees.

Enterprise reading list

Use these public pages before or during questionnaire review.

Related policies

Frequently asked questions

Can we get a SOC 2 report from this page?

This page does not provide or claim a SOC 2 report. Request verified artifacts through enterprise channels if available.

Is BYOK required for enterprise use?

Not always, but many enterprises prefer BYOK or approved provider allowlists for control and billing alignment.

How should we start a security review?

Read the public security pack, prepare a questionnaire, and contact enterprise/sales channels for structured follow-up.

Do public policies override our negotiated DPA?

No. A signed enterprise agreement controls for that customer to the extent of any conflict.


Enterprise Security · Ethen by Upcube