Security & privacy
Zahen is built around the idea that a platform doing real business work must be safe, auditable, and honest about what it’s doing. This page explains the main safeguards in plain language.
Answers come only from your approved documents
The assistant never draws on the open internet or general training data to answer a question. Every answer is grounded in documents your organisation has explicitly approved and uploaded. If the right document isn’t there, the assistant says so rather than guessing. See Why answers are trustworthy.
Access is filtered before any search runs
When you ask a question or start a task, Zahen checks your role and department first and narrows the document set to only what you’re permitted to read. The search then runs against that filtered set. This means a document at a higher access level can’t appear in your answer even if it would be relevant — there’s no “filter after the fact” step where a restricted document might slip through.
For more on how this works in practice, see Why you can’t see some documents.
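The filter-before-search order described above, as an added example (not Zahen's code), next to the "filter after the fact" order it rules out. The role levels, the same-department rule, the `Doc`/`User` types and the toy keyword ranker are assumptions, and the corpus is constructed; the ranker records every document it scores so the property can be checked.

```python
from dataclasses import dataclass

# Assumed access model: role levels and a same-department rule (not from the page).
LEVELS = {"staff": 1, "manager": 2, "executive": 3}

@dataclass(frozen=True)
class Doc:
    doc_id: str
    department: str
    min_role: str
    text: str

@dataclass(frozen=True)
class User:
    role: str
    department: str

# Constructed sample corpus.
CORPUS = [
    Doc("hr-leave", "hr", "staff", "annual leave policy and carry over rules"),
    Doc("hr-redundancy", "hr", "executive", "redundancy plan and leave payout policy"),
    Doc("fin-expenses", "finance", "staff", "expense policy and approval limits"),
]

def permitted(user, doc):
    return (doc.department == user.department
            and LEVELS[user.role] >= LEVELS[doc.min_role])

def rank(query, docs, scored):
    """Toy keyword ranker; appends the id of every doc it scores to `scored`."""
    terms = set(query.lower().split())
    hits = []
    for d in docs:
        scored.append(d.doc_id)
        score = len(terms & set(d.text.split()))
        if score:
            hits.append((score, d))
    return [d for _, d in sorted(hits, key=lambda h: (-h[0], h[1].doc_id))]

def search_prefiltered(user, query, k=1):
    scored = []
    allowed = [d for d in CORPUS if permitted(user, d)]  # access check first
    return [d.doc_id for d in rank(query, allowed, scored)[:k]], scored

def search_postfiltered(user, query, k=1):
    scored = []
    top = rank(query, CORPUS, scored)[:k]                # search first
    return [d.doc_id for d in top if permitted(user, d)], scored
```

For a staff HR user asking `leave payout policy`, the pre-filtered search returns `hr-leave` and never scores `hr-redundancy`. The post-filtered variant scores the restricted document, lets it take the top slot, and returns nothing.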
Documents are treated as reference material, not instructions
Retrieved document content informs answers, but it cannot change how the assistant behaves. If a document contains text designed to manipulate the assistant — sometimes called a prompt injection — the assistant will not follow it. Instructions to the assistant come only from the platform itself, not from anything in your documents.
High-risk actions require a human decision
Some actions — such as sending an email on behalf of your organisation or updating a record in an external system — are marked as high-risk. The assistant cannot complete those steps on its own: the task pauses and waits for an authorised person to review and approve the plan before anything happens. See Approvals.
The assistant does not hold credentials for external systems
When a task needs to interact with an external tool or system, the platform brokers that connection using credentials managed by administrators — the assistant itself never stores or sees login details. This limits what can happen if something goes wrong.
Meaningful activity is recorded in an append-only audit log
Actions that matter — questions asked, tasks run, approvals decided, documents uploaded, and administrative changes — are written to an audit log. Because the log is append-only, entries cannot be edited or deleted after they are written. This gives your organisation a reliable record for review, compliance, and investigation.
Your responsibilities
Zahen does not replace good judgement. Treat cited answers as well-sourced summaries of your policies, not as legal, financial, or medical advice. If an answer matters, check the cited document yourself.