Osher Digital delivers AI and automation projects for organisations that handle sensitive operational, customer and commercial information. Protecting that information is central to how we design, build and operate every solution. This article explains the controls we use across hosting, data handling, credentials, privacy and internal processes.
Hosting and Infrastructure Security
Most clients choose to self-host their AI assistants on a private VPS using Docker. This gives full control over data location, access and retention while reducing reliance on shared cloud services.
When Osher Digital hosts a solution for you, we follow the same principles:
Environments are private and isolated per client.
Outbound internet access is restricted unless specifically required.
Staging and production environments are separated when needed.
Uptime monitoring, alerting and log retention can be provided on request.
A locally hosted vector database such as Qdrant is recommended so that all embeddings and indexed content remain inside your private infrastructure.
Data Handling and Storage
Our systems only store the information that is required for the solution to function. Examples include:
Chat history if the assistant requires conversational memory.
Temporary processing logs if they are part of ingestion or testing.
Execution data only when it is required for error tracking or debugging.
Where possible, data is not persisted at all. The goal is to minimise storage and reduce risk.
When external LLMs are used, we use OpenRouter for most API calls. OpenRouter does not store prompts or responses. You can optionally use a private LLM instance for full control of data handling.
Clients may request deletion of any stored data at any time.
API Keys and Credential Management
We manage client API keys by default. This allows us to:
Monitor usage and token spend.
Detect unusual or abusive activity.
Simplify billing across multiple LLM providers.
Avoid disruptions caused by expired credit cards or expired keys.
Only essential credentials are stored. They are kept in a secure password management vault and injected into systems as environment variables or through a secret management tool.
Clients can share temporary credentials or access details through any secure channel they prefer. Keys can be rotated at any time and are rotated at handover if required.
Privacy and Compliance
Osher Digital operates in line with the Australian Privacy Principles and our own internal policies. Privacy requirements are included in our standard contract and all subcontractors sign an NDA.
Client data is not used to train models unless a client specifically requests this. We do not store prompts, responses or evaluation logs for our own purposes unless a project requires it.
Clients can request a copy of stored information or request deletion of information whenever needed.
Access Control and Internal Practices
Access inside Osher Digital follows a least-privilege approach. Staff are given access only to the systems needed for their work. Access is revoked when a project ends or when a role changes.
All internal systems use MFA or 2FA for authentication. Subcontractors only access systems when required for delivery and are bound by the same confidentiality and security requirements as internal staff.
Knowledge Base and Document Security
When handling SharePoint, Zoho or other document sources, we only extract the content required for indexing. The ingestion process transforms and embeds the content locally inside your private vector database. No third-party systems store any indexed data.
If your knowledge base requires ongoing ingestion (for example through n8n), we ensure that API tokens and OAuth credentials are tightly controlled and have the minimum permission set.
LLM Usage and Confidentiality
All interactions with external LLMs are non-training by default. Client data is not used or retained by external providers.
Clients can choose from:
Managed LLM access through Osher Digital API keys.
Client-owned keys managed by Osher Digital.
Fully private LLMs hosted on your own VPS.
These options provide a spectrum of control depending on your security requirements.
Your Control Over Your Data
At every stage of a project you retain full ownership of your data, documents, vector indexes, prompts, chat history and generated outputs. You may request:
Export of data
Removal of data
Destruction of stored content
Rotation of credentials
Review of access logs
Osher Digital is committed to transparent, secure and practical data protection. Our goal is to deliver the benefits of AI automation while giving you full confidence that your information is handled with care.