Trust & security

An assistant you can actually trust.

An assistant that works on its own is only as trustworthy as the walls around it. Every assistant on ServeMy.ai runs privately and securely — with access only to what you allow, a spending cap you set, and a complete record of everything it did. You stay in control of something you never have to touch.

  • SOC 2 Type II: Audited annually
  • ISO 27001: Certified ISMS
  • GDPR: DPA on request
  • Encryption: At rest & in transit

Reports & certificates available under NDA — request the trust package

How we keep it safe

Seven layers between your assistant and anything going wrong.

Letting an assistant work on its own raises the stakes, so we built the safeguards to match — from where it runs to the last dollar it's allowed to spend.

Nothing for attackers to log into

There's no server to break into — not for you, and not for us. The thing attackers usually reach for simply isn't there. Each assistant runs on a fresh, locked-down setup that's rebuilt rather than logged into. (No SSH, no root, no shared bastion; immutable runtimes.)

Zero SSH · Immutable runtimes

Each assistant is walled off on its own

Every assistant runs in its own private space, with its own network and storage. One assistant can never see another's data, passwords, or files — even within your own account. (A dedicated, sandboxed runtime per assistant.)

Hardware-level sandbox

Encrypted, end to end

Your data is encrypted everywhere it lives and everywhere it travels. The keys to the tools you connect sit in a locked vault, scrambled with keys unique to you and never written to logs. (AES-256 at rest, TLS 1.3 in transit, per-tenant keys.)

AES-256 · TLS 1.3

Access only to what you allow

You connect a tool with one click, and your assistant gets only the access it needs — nothing more. Change your mind? Cut off any connection from your dashboard and access is gone instantly. (One-click OAuth or narrowly-scoped tokens, least-privilege by default.)

OAuth · least-privilege

A complete record of everything it did

Every move your assistant makes — every app it used, file it changed, request it sent, and dollar it spent — is written to a complete, readable log you can export. Nothing it does is hidden from you. (An immutable, exportable audit log.)

Immutable · exportable

A spending cap and an off switch

Set a budget for each assistant up front. If anything looks off, one button stops it mid-task and freezes its connections — no waiting on a support ticket. (Per-assistant spend caps and rate limits.)

Per-agent caps · instant halt
7 independent controls, layered so that no single failure exposes your data, your connections, or your budget.

How we handle your data

Your data isn't our product.

We make money running the service, not mining what your assistants read and write. These commitments are written into our data agreement (DPA), not just this page.

  • Your data is yours. We never train models on your prompts, files, or outputs — full stop.
  • Use your own AI provider (advanced) and the AI work never touches our systems or your data.
  • Connection tokens are encrypted with per-tenant keys and stored apart from your workloads.
  • Audit logs and agent state are deleted within 30 days of an agent being decommissioned.
  • We keep only the basic information needed to bill, secure, and run your assistants — nothing more.
  • Request a full export or deletion of your account data at any time, honored within 30 days.

Where your data lives

Choose where your data lives — and keep it there.

On the Fleet plan you choose where each assistant runs and where its data lives. Your work, storage, and logs stay inside the region you pick. Teams with strict requirements can get a fully private, isolated setup (private VPC).

us-east · us-west · eu-west · Private VPC

Subprocessors

A short, public list.

We rely on a deliberately small set of trusted outside services (subprocessors). The full list is published and updated whenever it changes, with advance notice for Fleet customers.

Responsible disclosure

Found something? We want to hear it first.

We run a coordinated disclosure program and respond to every credible report within one business day. Good-faith research is always welcome — and rewarded.

Report a vulnerability
security@servemy.ai
PGP key on request · Monitored

Have a security questionnaire?

Send it over — or just set up an assistant and watch the safeguards work. Either way, you stay in control.