<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Security & Privacy — Nexus One AI Portal</title>
  <link rel="stylesheet" href="style.css?v=4">
</head>
<body data-role="admin">

<header class="topnav">
  <a href="index.html" class="brand">Nexus One <span>AI</span></a>
  <nav>
    <a href="index.html">Home</a>
    <a href="quickstart.html">Quick Start</a>
    <a href="prompts.html">Prompt Library</a>
    <a href="usecases.html">Use Cases</a>
    <span class="nav-sep"></span>
    <div class="nav-dropdown">
      <button class="nav-drop-btn">Help ▾</button>
      <div class="nav-drop-menu">
        <span class="nav-drop-cat">LEARN /</span>
        <a href="quickstart.html">Quick Start</a>
        <a href="models.html">Models</a>
        <span class="nav-drop-cat">SUPPORT /</span>
        <a href="troubleshooting.html">Troubleshoot</a>
        <a href="faq.html">FAQ</a>
        <span class="nav-drop-cat">MORE /</span>
        <a href="glossary.html">Glossary</a>
        <a href="whats-new.html">What's New</a>
      </div>
    </div>
    <div class="nav-dropdown">
      <button class="nav-drop-btn active">Admin ▾</button>
      <div class="nav-drop-menu">
        <a href="security.html" class="active">Security</a>
        <a href="admin.html">Admin Guide</a>
        <a href="dashboard.html">Dashboard</a>
        <a href="users.html">Users</a>
        <a href="teams.html">Teams</a>
        <a href="models-admin.html">Model Manager</a>
        <a href="training.html">Training</a>
        <a href="knowledge.html">Knowledge Base</a>
        <a href="analytics.html">Usage Analytics</a>
        <a href="apikeys.html">API Keys</a>
        <a href="benchmark.html">Benchmarking</a>
        <a href="model-compare.html">Model Compare</a>
        <a href="api-playground.html">API Playground</a>
        <a href="guardrails.html">Guardrails</a>
        <a href="console.html">Console</a>
        <a href="audit.html">Audit Log</a>
        <a href="feedback.html">Feedback & Ratings</a>
        <a href="settings.html">Settings</a>
      </div>
    </div>
    <div class="nav-dropdown">
      <button class="nav-drop-btn">AI Tools ▾</button>
      <div class="nav-drop-menu">
        <span class="nav-drop-cat">INTELLIGENCE /</span>
        <a href="documents.html">Document Intelligence</a>
        <a href="chat-multi.html">Multimodal Chat</a>
        <a href="prompt-studio.html">Prompt Studio</a>
        <a href="meeting.html">Meeting Assistant</a>
        <span class="nav-drop-cat">AUTOMATION /</span>
        <a href="agents.html">Agent Builder</a>
        <a href="schedules.html">Scheduled Jobs</a>
        <a href="workflows.html">Workflow Automation</a>
        <span class="nav-drop-cat">QUALITY /</span>
        <a href="evals.html">AI Eval Suite</a>
        <a href="chatrooms.html">Chat Rooms</a>
      </div>
    </div>
  </nav>
  <a href="notifications.html" style="position:relative">🔔</a>
  <span class="badge" data-brand="tier">Basic Tier</span>
  <div id="nav-org-logo" class="nav-org-logo"></div>
</header>

<div class="page-hero">
  <div class="label">Security & Privacy</div>
  <h1>Your Data Never Leaves Your Building</h1>
  <p>Nexus One AI runs entirely on your own servers. No internet connection required. No data sent to any cloud. Full control stays with your organisation.</p>
</div>

<div class="content">

<!-- TRUST BANNER -->
<div class="sec-trust-bar">
  <div class="sec-trust-item">
    <div class="sec-trust-icon">🔒</div>
    <div class="sec-trust-label">Air-Gapped</div>
    <div class="sec-trust-sub">Operates fully offline</div>
  </div>
  <div class="sec-trust-item">
    <div class="sec-trust-icon">🏛️</div>
    <div class="sec-trust-label">On-Premises</div>
    <div class="sec-trust-sub">Your hardware, your network</div>
  </div>
  <div class="sec-trust-item">
    <div class="sec-trust-icon">🚫</div>
    <div class="sec-trust-label">No Cloud</div>
    <div class="sec-trust-sub">Zero external API calls</div>
  </div>
  <div class="sec-trust-item">
    <div class="sec-trust-icon">📁</div>
    <div class="sec-trust-label">Local Storage</div>
    <div class="sec-trust-sub">All data stays on your server</div>
  </div>
  <div class="sec-trust-item">
    <div class="sec-trust-icon">👤</div>
    <div class="sec-trust-label">Access Control</div>
    <div class="sec-trust-sub">User login & permissions</div>
  </div>
</div>

<!-- THE CORE ANSWER -->
<div class="section-title">The most important question: where does my data go?</div>
<div class="sec-answer-block">
  <div class="sec-answer-icon">🏠</div>
  <div class="sec-answer-text">
    <h3>Nowhere. It stays on your server.</h3>
    <p>When you type a prompt, upload a document, or ask the AI a question, that data is processed entirely by the AI model running on your own server — the same server sitting in your data centre or server room. It does not travel to OpenAI, Anthropic, Google, or any other company. It does not touch the internet. The AI model itself is stored locally and runs locally.</p>
    <p style="margin-top:12px">This is fundamentally different from consumer AI tools like ChatGPT or Gemini, where every message you send is transmitted to and processed by a third-party cloud. With Nexus One AI, the only network involved is <em>your</em> internal network.</p>
  </div>
</div>

<!-- ARCHITECTURE -->
<div class="section-title">How the architecture enforces this</div>
<div class="sec-arch-grid">

  <div class="sec-arch-card">
    <div class="sec-arch-num">01</div>
    <h4>Fully self-contained system</h4>
    <p>Every component — the AI model, the chat interface, the document database, the API — is installed on your server before deployment. Nothing is fetched from the internet at runtime. The system can operate in a facility with no external network connection whatsoever.</p>
  </div>

  <div class="sec-arch-card">
    <div class="sec-arch-num">02</div>
    <h4>Models run on your GPU</h4>
    <p>The AI inference (the process of generating a response) happens on the NVIDIA GPU installed in your server. The model weights — the "brain" of the AI — never leave your hardware. You own the compute, you own the process.</p>
  </div>

  <div class="sec-arch-card">
    <div class="sec-arch-num">03</div>
    <h4>Documents stored in your database</h4>
    <p>When you upload documents for AI analysis, they are stored in ChromaDB running on your server. Document contents, embeddings, and query results all remain within your infrastructure. Uploading a tender document to the AI is no different from saving it to a local file server — it doesn't go anywhere external.</p>
  </div>

  <div class="sec-arch-card">
    <div class="sec-arch-num">04</div>
    <h4>No telemetry or usage reporting</h4>
    <p>Nexus One AI does not collect usage statistics, prompt logs, or analytics and send them anywhere. There is no "phone home" behaviour. Cezen does not have visibility into what prompts you run, what documents you upload, or what responses the AI gives your staff.</p>
  </div>

  <div class="sec-arch-card">
    <div class="sec-arch-num">05</div>
    <h4>Open-source models with known weights</h4>
    <p>The AI models used (Llama 3.1, Mistral, Gemma, and others) are open-source models with publicly auditable weights. There are no hidden backdoors or proprietary model components — the model files are inspectable by your security team.</p>
  </div>

  <div class="sec-arch-card">
    <div class="sec-arch-num">06</div>
    <h4>Network access is internal-only</h4>
    <p>The system is configured to be accessible only within your organisation's internal network (LAN). Access from outside your network requires your own VPN or jump server — Nexus One AI does not expose any service to the public internet by default.</p>
  </div>

</div>

<!-- WHAT THIS MEANS FOR SENSITIVE DATA -->
<div class="section-title">What this means for sensitive government data</div>
<div class="info-grid">
  <div class="info-card">
    <h4>Classified and restricted documents</h4>
    <p>You can use the AI to analyse documents at your organisation's classification level, as long as the server itself is appropriately secured and network-isolated for that classification. The AI processing does not introduce any new data pathway that wasn't already present on your network.</p>
  </div>
  <div class="info-card">
    <h4>Personally identifiable information (PII)</h4>
    <p>Employee records, citizen data, and other PII can be processed without the risk of inadvertent disclosure to a third-party AI provider. Data handling obligations under your jurisdiction's privacy legislation remain manageable because all processing is internal.</p>
  </div>
  <div class="info-card">
    <h4>Procurement and tender information</h4>
    <p>Commercially sensitive tender documents, vendor proposals, and contract terms can be analysed by the AI without any risk of exposure to competitors or external parties — a critical requirement when dealing with active procurement processes.</p>
  </div>
  <div class="info-card">
    <h4>Legal and compliance documents</h4>
    <p>Legal advice, audit findings, compliance assessments, and investigation records can be processed safely. Attorney-client privilege and regulatory confidentiality requirements are not compromised by AI usage because there is no third party involved in the processing.</p>
  </div>
</div>

<!-- ACCESS CONTROL -->
<div class="section-title">User access and authentication</div>
<div class="steps">
  <div class="step">
    <div class="step-num">1</div>
    <div>
      <h4>Individual user accounts</h4>
      <p>Each staff member accesses Open WebUI with their own username and password. Accounts are created and managed by your system administrator. There is no shared login — every session is tied to a specific user.</p>
    </div>
  </div>
  <div class="step">
    <div class="step-num">2</div>
    <div>
      <h4>Conversation isolation</h4>
      <p>Each user's conversation history is private to their account by default. Staff cannot see each other's chats or the documents others have uploaded. Administrators can configure shared spaces where needed.</p>
    </div>
  </div>
  <div class="step">
    <div class="step-num">3</div>
    <div>
      <h4>Administrator control</h4>
      <p>Your designated system administrator has full control over user accounts — they can create, disable, or delete accounts at any time. When a staff member leaves, their account and conversation history can be removed immediately.</p>
    </div>
  </div>
  <div class="step">
    <div class="step-num">4</div>
    <div>
      <h4>Network-level restriction</h4>
      <p>The system is accessible only from devices on your internal network. Staff cannot access the AI system from personal devices on home internet unless your IT team explicitly enables this through your own VPN infrastructure.</p>
    </div>
  </div>
</div>

<!-- COMPARISON -->
<div class="section-title">Nexus One AI vs. cloud AI services</div>
<div class="sec-compare-wrap">
  <table class="sec-compare">
    <thead>
      <tr>
        <th>Question</th>
        <th class="col-cezen">✅ Nexus One AI (On-Premises)</th>
        <th class="col-cloud">⚠️ Cloud AI (ChatGPT, Gemini, etc.)</th>
      </tr>
    </thead>
    <tbody>
      <tr>
        <td>Where is my data processed?</td>
        <td class="col-cezen">On your own server, on your premises</td>
        <td class="col-cloud">On third-party cloud servers overseas</td>
      </tr>
      <tr>
        <td>Does the AI provider see my prompts?</td>
        <td class="col-cezen">No — Cezen has no access to your usage</td>
        <td class="col-cloud">Yes — provider receives and logs all input</td>
      </tr>
      <tr>
        <td>Can I use it without internet?</td>
        <td class="col-cezen">Yes — fully air-gapped capable</td>
        <td class="col-cloud">No — requires internet connection</td>
      </tr>
      <tr>
        <td>Is my data used to train future models?</td>
        <td class="col-cezen">No — data never leaves your network</td>
        <td class="col-cloud">Depends on provider terms; often yes by default</td>
      </tr>
      <tr>
        <td>Who controls user access?</td>
        <td class="col-cezen">Your organisation's IT administrator</td>
        <td class="col-cloud">Each user manages their own account</td>
      </tr>
      <tr>
        <td>Where are documents stored after upload?</td>
        <td class="col-cezen">In your local ChromaDB database</td>
        <td class="col-cloud">On provider's cloud storage</td>
      </tr>
      <tr>
        <td>Suitable for restricted/classified work?</td>
        <td class="col-cezen">Yes, subject to your network classification</td>
        <td class="col-cloud">No — data leaves your security perimeter</td>
      </tr>
      <tr>
        <td>Compliant with data residency requirements?</td>
        <td class="col-cezen">Yes — data never crosses borders</td>
        <td class="col-cloud">Varies — data may be stored internationally</td>
      </tr>
    </tbody>
  </table>
</div>

<!-- GOOD PRACTICES -->
<div class="section-title">Good security practices for your team</div>
<div class="info-grid">
  <div class="info-card">
    <h4>Use your own account</h4>
    <p>Never share your Open WebUI login with colleagues. Each person should have their own account. This ensures conversation history is private and access can be individually revoked when needed.</p>
  </div>
  <div class="info-card">
    <h4>Lock your screen</h4>
    <p>The AI chat interface runs in a browser. Lock your computer when stepping away to prevent others from reading your conversation history or uploading documents under your account.</p>
  </div>
  <div class="info-card">
    <h4>Log out when done (shared workstations)</h4>
    <p>On shared workstations, always log out of Open WebUI when you are done. Your conversation history, including any documents you have discussed, remains visible until you log out.</p>
  </div>
  <div class="info-card">
    <h4>Report unusual behaviour</h4>
    <p>If the AI behaves unexpectedly, produces outputs that seem wrong, or if you notice anything unusual about the system, report it to your administrator. Don't share the output externally until the issue is understood.</p>
  </div>
</div>

<!-- CONTACT -->
<div class="sec-contact">
  <div class="sec-contact-icon">🛡️</div>
  <h3>Security questions or concerns?</h3>
  <p>If your organisation's security team needs technical documentation, architecture diagrams, or a briefing on the system's security posture, contact Cezen support.</p>
  <a href="mailto:support@cezentech.com" class="btn-primary" style="display:inline-block;margin-top:16px;text-decoration:none">Contact Cezen Support</a>
</div>

</div>

<footer>
  <p>Nexus One AI · Powered by Cezen · Basic Tier</p>
  <p>Questions? <a href="mailto:support@cezentech.com">support@cezentech.com</a> · <a href="https://cezentech.com" target="_blank" rel="noopener">cezentech.com</a></p>
</footer>

<script src="auth.js"></script>
<script src="branding.js"></script>
</body>
</html>