D
Damira AI

Security & Data Privacy

How Damira AI handles your data — PII redaction, execution modes, data retention, and enterprise deployment.

Your network configurations, command outputs, and device data are sensitive. Damira AI is built with data protection as a core design principle, not an afterthought.

PII Redaction

Before any data is processed by the AI model, Damira automatically strips sensitive information from your input:

Data TypeWhat Happens
Public IP addressesReplaced with safe placeholders (10.99.x.x range)
Passwords & secretsPermanently redacted — cannot be recovered
SNMP community stringsReplaced with generic labels
Customer namesReplaced with anonymous identifiers
Hostnames & FQDNsReplaced with generic device labels
Banner textStripped of identifying information

This happens automatically on every request. You don't need to sanitize configs before pasting them. When the AI responds, Damira restores the original values in your output so the commands are ready to use.

After redaction, a verification step confirms that no sensitive values survived in the processed text. If any leak is detected, it's logged for review.

Execution Modes

Damira operates in three security modes that control how it interacts with your network:

Advisor Mode (Default)

The assistant recommends commands but never executes anything on your devices. You run the commands yourself and paste the output back. Your device data stays entirely within your network.

This is always the default. You don't need to configure anything — Damira starts in advisor mode automatically.

Guided Mode (Opt-in)

Each command is shown to you for explicit approval before execution. Nothing runs without your "Approve" action. Use this when you trust the connection but want human-in-the-loop control.

Lab Mode (Explicit)

Commands execute automatically on connected devices. Only available for designated test environments. Must be explicitly enabled — never activates by default.

Data Retention

WhatRetention
Chat messagesStored locally in your VS Code extension — not on Damira servers
Network configs you pasteProcessed in-memory, not stored after the session
Generated documentsSaved to your local machine in the output folder you configure
Research briefsStored in your project workspace, scoped to your account
Monitoring queriesRead-only queries to your systems — Damira stores no metrics

Monitoring Integration Security

When you connect monitoring tools (Prometheus, Grafana, Loki, ServiceNow), all queries are read-only:

  • Damira queries metrics and alerts — it never modifies dashboards, silences alerts, or changes configurations
  • Monitoring credentials stay in your VS Code settings or environment — they're sent directly to your monitoring endpoints, not stored by Damira
  • ServiceNow tickets are created only when you explicitly approve them through the ticket gate

Enterprise Deployment

Organizations requiring full control can self-host Damira:

  • Your infrastructure — AI processing runs on your GPUs (AWS, Azure, or on-prem)
  • Zero data retention — Damira provides the agent software; you own the data and models
  • No external calls — All processing stays within your network boundary
  • SOC 2 compliant — The AI processing infrastructure meets SOC 2 requirements

Rate Limiting

Rate limits exist for abuse prevention, not as pricing gates. Each tier has daily and per-minute limits. If you exceed a limit, you'll receive a clear error with a Retry-After header indicating when you can resume.

TierDaily LimitPer-Minute
Free505
Starter30015
Pro80020
Team2,00060
EnterpriseUnlimited100

On this page