Security & privacy
How OnKey keeps your data isolated from other customers, protects it, and handles worker chat privacy.
This page explains, in plain terms, how OnKey protects your data and handles privacy. For formal terms, refer to your OnKey agreement and privacy policy.
Your data is isolated
Every customer's data lives behind a strict boundary. Each account is its own tenant, and every record — workers, messages, documents, activity — is tagged to that tenant and enforced at the database layer, so one customer's data is never visible to another. Within your own account, uploaded files are scoped to the specific agent they belong to.
How your data is protected
- Credentials are never stored in the clear. Your agent's API key is encrypted, worker PINs are stored only as one-way hashes, and access tokens are hashed at rest — none of these can be read back out.
- Email is verified. Messages to your Virtual Operations Agent are checked for a valid signature and sender authentication (SPF/DKIM) before they're processed, and only email addresses on your account's approved list are accepted.
- Secrets stay in the platform. Encryption keys and service credentials live only in the hosting environment, never in code or documents.
- Everything sensitive is logged. Administrative actions are recorded in an append-only audit trail.
Worker chat privacy
Worker conversations with the assistant are treated as confidential. They are not surfaced to Admins as identifiable transcripts in the normal product experience — the insights you see (for example, the topics and knowledge gaps in your Weekly Digest) are aggregated and de-identified, and never include worker names or personal details.
As the Customer, you can request the full conversation logs for your agent from OnKey — for example for a compliance or investigation need. Reach out through your Virtual Operations Agent or your OnKey contact.
Retention and deletion
- Conversation history is retained for a set period (by default about a year) and can be adjusted for your account.
- Administrative and audit records are kept longer for compliance.
- When a worker is offboarded, their access is revoked immediately and their personal information is scrubbed on a defined schedule. You can request deletion of your data, and it's fully removed at the end of the retention window (barring a legal hold).
Questions
Security or privacy questions specific to your account? Just ask your Virtual Operations Agent and it'll route you to the right person on our team.
Updated about 1 hour ago

