Most security pages list certifications. This one explains a design stance: in Donna, the secure path and the only path are the same path. If a rule can be enforced by architecture instead of policy, we enforce it by architecture, because architecture does not get tired, rushed, or phished.
There are no connection strings
The classic way services talk to databases is a credential in configuration: a connection string, an API key, a secret that can leak, linger in a log, or outlive the person who set it. Donna’s services hold no stored data-plane credentials at all. Each service has a managed identity issued and rotated by the cloud platform itself, and the data services accept that identity or nothing. There is no password to steal because there is no password. What remains is the identity itself, so the question that matters next is how little each one is permitted to do.
Your identity travels with your request
Inside many platforms, the backend talks to the database as an all-powerful system user, and access control is a filter the application promises to apply. Donna propagates the user’s own identity through the call chain instead: when you ask a question, the services acting for you act as you, and the permission check happens against you, at the layer that holds the data. The practical consequence: Donna’s AI can only ever retrieve what the person asking is entitled to see, because the retrieval itself is performed in their name.
The data layer has no front door
Every data service that holds matter content (documents, indexes, records, keys) lives on a private network endpoint with public access disabled. This is not a firewall rule that says no; it is the absence of a route. An attacker who somehow held valid credentials would still need to be standing inside the network, and the network’s interior is reserved for identities the platform itself issued.
Isolation that follows the work
- Per-Space authorisation. Membership in a Space is the unit of access. Retrieval, realtime events and agent tools are all scoped to it below the model layer, so the model never receives content from a Space the asker does not belong to.
- Approval gates. Outward-facing actions (inviting an external party, delivering documents) pass through explicit human approval, with dual control where the action crosses the firm’s boundary.
- Audit as a side effect. Agent runs, document deliveries and permission changes produce their audit trail by existing, not by remembering to log.
- Malware never lands. Every upload clears a scanning gate before it touches a matter; files that fail the scan are destroyed and their hashes added to a denylist, so the same file is refused on re-upload.
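The identity-propagation section above and the per-Space authorisation and audit bullets describe one mechanism: the caller’s identity is the only thing the data layer will act on, and the authorisation check is part of the query rather than a filter the application remembers to apply. The example below is an added illustration, not Donna’s code. It uses an in-memory sqlite3 database as a stand-in for the data service; the `Principal`, `DataPlane`, `ScopedHandle` and `agent_context` names, the schema and the sample matters are all constructed for the example. The point it shows is structural: there is no handle that runs as a system user, the membership join is baked into every query, and a delivery writes its audit row in the same statement that proves the caller may see the document.

```python
"""Identity-scoped data plane: an added illustration, not Donna's code.

sqlite3 stands in for the real data service. The only way to touch data is
through a handle bound to a Principal, the authorisation check is the
membership join inside each query, and a delivery inserts its audit row via
the same SELECT that checks visibility.
"""
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    """The identity propagated through the call chain (hypothetical type)."""
    user_id: str


# Constructed schema: Space membership, matter documents, audit trail.
SCHEMA = """
CREATE TABLE membership (space_id TEXT, user_id TEXT, PRIMARY KEY (space_id, user_id));
CREATE TABLE documents  (id INTEGER PRIMARY KEY, space_id TEXT, title TEXT, body TEXT);
CREATE TABLE audit      (id INTEGER PRIMARY KEY, actor TEXT, action TEXT, target TEXT);
"""

# The membership join IS the filter. It is a constant SQL fragment (no user
# input is ever interpolated; all values below are bound parameters).
VISIBLE = "FROM documents d JOIN membership m ON m.space_id = d.space_id AND m.user_id = ?"


class DataPlane:
    def __init__(self, conn: sqlite3.Connection):
        self._conn = conn

    def as_user(self, principal: Principal) -> "ScopedHandle":
        """The only entry point. There is no system-user variant to forget."""
        return ScopedHandle(self._conn, principal)


class ScopedHandle:
    def __init__(self, conn: sqlite3.Connection, principal: Principal):
        self._conn, self.principal = conn, principal

    def search(self, term: str) -> list[tuple[int, str, str]]:
        """Retrieval performed in the caller's name; returns (id, space, title).
        LIKE wildcards in `term` widen the match but cannot widen the scope."""
        rows = self._conn.execute(
            f"SELECT d.id, d.space_id, d.title {VISIBLE} WHERE d.body LIKE ? ORDER BY d.id",
            (self.principal.user_id, f"%{term}%"))
        return rows.fetchall()

    def deliver(self, doc_id: int, recipient: str) -> int:
        """Record a delivery. The audit row is produced by the same SELECT that
        checks visibility: a document the caller cannot see inserts nothing,
        the function raises, and the transaction rolls back."""
        with self._conn:  # commit on success, roll back on exception
            cur = self._conn.execute(
                f"INSERT INTO audit (actor, action, target) "
                f"SELECT ?, 'deliver', d.id || '->' || ? {VISIBLE} WHERE d.id = ?",
                (self.principal.user_id, recipient, self.principal.user_id, doc_id))
            if cur.rowcount != 1:
                raise PermissionError(f"{self.principal.user_id} cannot see document {doc_id}")
            return cur.lastrowid


def agent_context(plane: DataPlane, principal: Principal, question: str) -> list[str]:
    """The retrieval step of an agent run: the asker's identity is threaded
    down to the data layer, so what reaches the model is already trimmed."""
    return [title for _, _, title in plane.as_user(principal).search(question)]


def demo() -> dict:
    """Constructed matters: alice is in acme-merger only, bob is in both Spaces."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO membership VALUES (?, ?)",
                     [("acme-merger", "alice"), ("acme-merger", "bob"), ("smith-estate", "bob")])
    conn.executemany("INSERT INTO documents (space_id, title, body) VALUES (?, ?, ?)", [
        ("acme-merger", "Term sheet", "indemnity cap and escrow terms"),      # id 1
        ("smith-estate", "Will", "indemnity clause for the executors"),       # id 2
        ("acme-merger", "Board minutes", "approved the escrow release"),      # id 3
    ])
    plane = DataPlane(conn)
    alice, bob = Principal("alice"), Principal("bob")
    out = {
        "alice_sees": agent_context(plane, alice, "indemnity"),   # ['Term sheet']
        "bob_sees": agent_context(plane, bob, "indemnity"),       # ['Term sheet', 'Will']
    }
    plane.as_user(bob).deliver(2, "counsel@example.com")          # bob is in smith-estate
    try:
        plane.as_user(alice).deliver(2, "counsel@example.com")    # alice is not
        out["alice_refused"] = False
    except PermissionError:
        out["alice_refused"] = True
    out["audit"] = conn.execute("SELECT actor, action, target FROM audit").fetchall()
    return out


if __name__ == "__main__":
    print(demo())
```

The design choice worth noticing is that `ScopedHandle` has no method that omits the join: a developer adding a new query extends `VISIBLE` rather than re-deriving the check, and the refused delivery leaves no audit row because the row and the check are one statement. A production data service would express the same idea with database-native mechanisms (per-request identity and row-level policies) rather than an application-side wrapper; the structural property is the same.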
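The scanning gate in the last bullet is also a structural rule: the matter store has exactly one writer, and that writer only runs after a clean verdict. The example below is an added illustration, not Donna’s code or scanner. The `UploadGate` and `SignatureScanner` names are constructed for it; the scanner is a stand-in that flags the standard EICAR test string so the example runs offline, and a real deployment would call an actual engine in its place. It shows the full lifecycle the bullet describes, plus the edge case of an engine failure, which is treated as a failed scan (bytes destroyed) but not denylisted, since the file was never actually judged.

```python
"""Upload scanning gate with a hash denylist: an added illustration, not
Donna's code. The matter store is written only by the gate, and only after a
clean verdict; a file that fails is destroyed and its hash denylisted, so the
same bytes are refused next time before any scanner runs.
"""
import hashlib
from typing import Callable

# The standard EICAR test string, which every real engine flags; the stand-in
# scanner below looks for it so the example runs offline.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


class SignatureScanner:
    """Stand-in for a real AV engine (hypothetical). Counts calls so the
    denylist short-circuit can be observed."""

    def __init__(self):
        self.calls = 0

    def __call__(self, data: bytes) -> str:
        self.calls += 1
        return "malicious" if EICAR in data else "clean"


class UploadGate:
    def __init__(self, scanner: Callable[[bytes], str]):
        self._scan = scanner
        self.denylist: set[str] = set()          # sha256 of every file judged malicious
        self._staging: dict[str, bytes] = {}     # holds bytes during the scan only
        self.matter_store: dict[str, dict[str, bytes]] = {}  # written by submit() alone

    def submit(self, matter_id: str, name: str, data: bytes) -> tuple[str, str]:
        """Returns (outcome, reason). Bytes reach matter_store on one path only."""
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.denylist:
            return "rejected", "denylisted"      # known-bad: no scan, no storage
        self._staging[digest] = data
        try:
            verdict = self._scan(data)
        except Exception:                        # engine failure: fail closed, but do
            verdict = "scan-error"               # not denylist a file that was never judged
        # Whatever happened, the bytes leave staging here and go to exactly one place.
        staged = self._staging.pop(digest)
        if verdict != "clean":
            if verdict == "malicious":
                self.denylist.add(digest)
            return "rejected", verdict           # `staged` is dropped: the file is destroyed
        self.matter_store.setdefault(matter_id, {})[name] = staged
        return "stored", "clean"


def demo() -> dict:
    """Constructed uploads: one clean letter, one infected invoice uploaded twice."""
    scanner = SignatureScanner()
    gate = UploadGate(scanner)
    clean = b"Engagement letter, signed 2024-03-01"                 # constructed sample
    infected = b"Invoice.pdf\n" + EICAR                             # constructed sample
    results = [
        gate.submit("acme-merger", "letter.txt", clean),
        gate.submit("acme-merger", "invoice.pdf", infected),
        gate.submit("smith-estate", "invoice-again.pdf", infected),  # same bytes, other matter
    ]
    return {
        "results": results,
        "scanner_calls": scanner.calls,      # 2: the re-upload never reached the engine
        "stored": sorted((m, n) for m, files in gate.matter_store.items() for n in files),
        "denylisted": hashlib.sha256(infected).hexdigest() in gate.denylist,
        "staging_empty": not gate._staging,
    }


if __name__ == "__main__":
    print(demo())
```

Two details matter in practice. The denylist is keyed on the hash of the exact bytes, so it stops re-uploads of the same file across matters but not a trivially modified copy; it is a cheap short-circuit in front of the scanner, not a replacement for it. And staging is drained on every path, including the engine-failure path, so nothing unscanned ever lingers.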
Why structural beats procedural
Procedural security asks people to keep promises: rotate the secret, remember the filter, apply the policy. Structural security removes the promise: there is no secret, the filter is the query, the policy is the network. Small firms in particular deserve the second kind, because they are exactly the customers who cannot staff a team to keep the first kind’s promises. The most honest thing we can say about Donna’s security is that most of it cannot be turned off, by us or anyone else, without rebuilding the system.
