Security & Data Handling

How Mulkern AI Systems handles your data

A reference for CFOs, finance leaders, and security/IT reviewers · Updated June 2026

In one paragraph.

Every deliverable runs on your own Anthropic (Claude) API key — you bring the key; we never issue or hold one for you.
We store no business data. There is no Mulkern AI database of your financials, documents, intake answers, or generated deliverables.
Your inputs are used only in the moment to generate your deliverable, then nothing is retained on our side.
Other customers cannot access your data — separate keys, no shared data store.

How a deliverable is produced

Your browser. You enter your inputs and your own Anthropic key (and a Mulkern AI license key, which only unlocks the workflow — your Anthropic key pays for and runs the inference). Saved inputs live in your browser's local storage, not on our servers.

Our gateway — in transit only. To generate a report, your inputs and key pass through a stateless Cloudflare edge worker that attaches the agent's instructions and calls Claude on your key. It runs in-memory in real time — nothing is written to disk, logged, or retained.

File imports go further. If you upload a file to pre-fill the form, it is read in your browser and sent directly to Anthropic on your key — bypassing our servers entirely.

Claude, on your account. Anthropic performs the inference under your own account and API terms, then streams the result back to your browser. Nothing is retained at any Mulkern step.

Honest framing: your data is transmitted (encrypted) to Anthropic for processing — it is not processed solely on your local machine. It is simply never stored, logged, or retained by Mulkern AI.

What we store — and what we never store

We keep (to operate the product)	We never store
Your Mulkern AI license key Basic usage counts (for support & refunds — never to meter or throttle you)	Your financials, documents, or uploads Your intake answers or generated deliverables Your Anthropic API key

None of what we keep is your business content. We run no analytics on your content, and we never sell or share your data.

Questions security teams ask

Does our data ever leave our environment?

Yes — honestly. To generate a report, your inputs are transmitted (over HTTPS/TLS) to Anthropic for processing. They are not processed entirely on your local machine. They are not stored by Mulkern AI.

Is our data used to train AI models?

No. Anthropic does not use commercial API inputs or outputs to train its models by default.

How long does Anthropic retain the data?

Per Anthropic's commercial API terms, data may be retained for a limited period (currently up to roughly 30 days) for trust-and-safety, then deleted. Zero-data-retention is available to approved Anthropic API customers (see "Higher-assurance options"). Mulkern AI itself retains none of it.

Can another Mulkern AI customer see our data?

No. Each customer uses their own Anthropic key; Anthropic logically separates customers; there is no shared Mulkern database; and we store no business content. There is no feature by which one customer can view another's inputs or deliverables.

Who can see our Anthropic API key?

Your key is used to call Claude and is never stored or logged by us. Anyone you share your key with (employees, contractors) may see usage in your Anthropic console — manage that within your own Anthropic account. You can revoke or rotate the key at any time.

Is data encrypted in transit?

Yes — all traffic uses HTTPS/TLS. The agents themselves are static pages; our gateway is a stateless edge worker with no application database holding your content.

What controls do we have?

Revoke or rotate your Anthropic key anytime; set a spend cap on your Anthropic account so costs never surprise you; and clear browser-saved inputs whenever you like.

Sub-processors

Provider	Purpose	Business data handling
Anthropic (Claude)	Model inference, on your key	Processes inputs in the moment; not used for training; ~30-day trust-and-safety retention; ZDR available
Cloudflare	Static hosting + stateless gateway; license/usage store	Gateway sees inputs in transit only (not stored or logged); stores only license key + usage counts
Stripe	Payments & licensing	Billing details only — no business or deliverable data

Higher-assurance options

For banks, private equity, public companies, and healthcare organizations with stricter requirements, the following can be arranged:

Zero-data-retention with Anthropic, so inputs/outputs are not retained by the provider.
Private / VPC or on-premise model deployment for "data never leaves our environment" requirements.

Before you enter confidential data: these agents send your inputs to Anthropic for processing. Do not enter information restricted by NDA, material non-public information (MNPI), or regulation unless your organization's policies permit sending it to a third-party AI provider.

Certifications & honest posture

Mulkern AI Systems is an early-stage company and does not currently hold SOC 2 or ISO 27001 certification. Our architecture is deliberately designed to minimize what a security review must trust: we store no business data, you bring your own AI key, and the gateway is stateless. The largest practical risks in this model are ordinary ones — protecting your own API key, and your own policies on sending data to third-party AI — rather than a central Mulkern data store.

One honest limit

Deliverables are AI-generated and illustrative. Validate every figure and have qualified advisors review the output before acting. Mulkern AI is not financial, legal, tax, HR, or accounting advice.