Security & Boundaries
What is documented, what is protected, and how to handle secrets and data safely in your integration.
Documentation boundary
This documentation follows a strict black-box policy. It covers only what you need to integrate reliably. Proprietary internals are intentionally excluded.
What we document
Public integration surface
- ✓API and MCP usage contracts
- ✓Required inputs and expected outputs
- ✓Authentication patterns
- ✓Actionable error codes
- ✓Rate limits and credit model
- ✓Data retention policy
What we protect
Proprietary internals — not disclosed
- —Model architecture and algorithmic design
- —Internal pipeline and reasoning steps
- —Evidence extraction methodology
- —Private infrastructure topology
- —Non-public operational endpoints
- —Internal scoring and ranking logic
Authentication
All API endpoints authenticate via the x-api-key header. Keys are scoped to your account and tied to your credit balance.
Never expose keys client-side
API keys must only be used from server-side environments. Never include them in browser-executed code, frontend bundles, or public repositories.
Use environment variables
Inject TI_API_KEY at runtime. Keep .env files in .gitignore. Use secrets management in CI/CD pipelines.
Rotate when compromised
Revoke and replace the key immediately from /dashboard/developers. Compromised keys should be treated as fully exposed — there is no partial revocation.
Sanitise logs
Do not print the full API key or raw session payloads to stdout in production. Redact keys before logging request headers.
Data retention
Sessions and indexed evidence are retained for a fixed window after upload, then deleted. TI does not store your documents permanently.
| Data | Retention window | Notes |
|---|---|---|
| Indexed session evidence | 72 hours (default) | Configurable via retention_hours on upload. Subject to platform cap. |
| Raw uploaded files | Not stored | Files are processed in-memory and discarded after indexing. |
| API audit logs | Per privacy policy | Anonymised usage metrics only. No document content retained in logs. |
Zero data retention guarantee
TI does not use uploaded document content to train models or improve the service. Evidence is isolated per session and deleted at expiry.
Transport security
The following transport types are blocked at the API level. Attempts to use them return unsupported_transport.
/mnt/data/...Local runtime mount paths (e.g. ChatGPT sandbox, code interpreters)
sandbox:/...Sandbox-scoped file paths
file://...Local file URIs
http://...Non-TLS HTTP URLs (blocked unless explicitly allowed in trusted runtimes)
192.168.x.x / 10.x.x.xPrivate network addresses
Use ti_create_upload_handoff for connector environments
If your MCP client only has access to a local mount path, use ti_create_upload_handoff to generate a one-click browser upload URL instead of attempting to pass the local path directly.