Security & Data Privacy
How Damira AI handles your data — PII redaction, execution modes, data retention, and enterprise deployment.
Your network configurations, command outputs, and device data are sensitive. Damira AI is built with data protection as a core design principle, not an afterthought.
PII Redaction
Before any data is processed by the AI model, Damira automatically strips sensitive information from your input:
| Data Type | What Happens |
|---|---|
| Public IP addresses | Replaced with safe placeholders (10.99.x.x range) |
| Passwords & secrets | Permanently redacted — cannot be recovered |
| SNMP community strings | Replaced with generic labels |
| Customer names | Replaced with anonymous identifiers |
| Hostnames & FQDNs | Replaced with generic device labels |
| Banner text | Stripped of identifying information |
This happens automatically on every request. You don't need to sanitize configs before pasting them. When the AI responds, Damira restores the original values in your output so the commands are ready to use.
After redaction, a verification step confirms that no sensitive values survived in the processed text. If any leak is detected, it's logged for review.
Execution Modes
Damira operates in three security modes that control how it interacts with your network:
Advisor Mode (Default)
The assistant recommends commands but never executes anything on your devices. You run the commands yourself and paste the output back. Your device data stays entirely within your network.
This is always the default. You don't need to configure anything — Damira starts in advisor mode automatically.
Guided Mode (Opt-in)
Each command is shown to you for explicit approval before execution. Nothing runs without your "Approve" action. Use this when you trust the connection but want human-in-the-loop control.
Lab Mode (Explicit)
Commands execute automatically on connected devices. Only available for designated test environments. Must be explicitly enabled — never activates by default.
Data Retention
| What | Retention |
|---|---|
| Chat messages | Stored locally in your VS Code extension — not on Damira servers |
| Network configs you paste | Processed in-memory, not stored after the session |
| Generated documents | Saved to your local machine in the output folder you configure |
| Research briefs | Stored in your project workspace, scoped to your account |
| Monitoring queries | Read-only queries to your systems — Damira stores no metrics |
Monitoring Integration Security
When you connect monitoring tools (Prometheus, Grafana, Loki, ServiceNow), all queries are read-only:
- Damira queries metrics and alerts — it never modifies dashboards, silences alerts, or changes configurations
- Monitoring credentials stay in your VS Code settings or environment — they're sent directly to your monitoring endpoints, not stored by Damira
- ServiceNow tickets are created only when you explicitly approve them through the ticket gate
Enterprise Deployment
Organizations requiring full control can self-host Damira:
- Your infrastructure — AI processing runs on your GPUs (AWS, Azure, or on-prem)
- Zero data retention — Damira provides the agent software; you own the data and models
- No external calls — All processing stays within your network boundary
- SOC 2 compliant — The AI processing infrastructure meets SOC 2 requirements
Rate Limiting
Rate limits exist for abuse prevention, not as pricing gates. Each tier has daily and per-minute limits. If you exceed a limit, you'll receive a clear error with a Retry-After header indicating when you can resume.
| Tier | Daily Limit | Per-Minute |
|---|---|---|
| Free | 50 | 5 |
| Starter | 300 | 15 |
| Pro | 800 | 20 |
| Team | 2,000 | 60 |
| Enterprise | Unlimited | 100 |
Related
- Pricing & Tiers — What each tier includes
- Troubleshooting — How advisor mode works in practice
- Monitoring — Connect Prometheus, Grafana, and ServiceNow