Security
Your data never leaves your control.
Vokt is designed for self-hosted deployment. Every layer — storage, retrieval, LLM routing, audit — lives inside your environment.
Self-hosted by default
Single Docker image. Runs on your hardware or your private cloud. No outbound calls required.
Tenant isolation (RLS)
Postgres row-level security enforces tenant boundaries at the database layer. Not just app-level checks.
Per-role PG users
Agents connect as a vokt_agent role that literally cannot write to live tables. Defense in depth.
EU-native LLM routing
Bring your own keys — Scaleway, Nebius, Mistral, Anthropic. Or run fully local with Ollama / llama.cpp.
Full audit trail
Every query, tool call, LLM call, and wiki edit is traced. Export for compliance review.
Prompt-injection scanning
Ingested documents pass through regex + Unicode checks before reaching the LLM.
Agent staging queue
Agents do not write directly to live data. Every agent-originated change goes through a staging queue with a governance tier. Tier-1 auto-approves; Tier-3+ requires human review.
No vendor lock-in
Everything runs on Postgres + pgvector. Your wiki is portable markdown. Your knowledge graph is portable JSON. Migrate away at any time — the data shape is yours.
GDPR posture
Because Vokt runs in your infrastructure, you stay the data controller. There is no Vokt-side log of your content, no telemetry that includes customer data, no shadow index.