How is Altor different from a docs chatbot?

Docs chatbots answer 'how does this work?' from your knowledge base. Altor answers 'why is this broken for this customer right now?' by querying their actual API logs, checking your bug tracker, and verifying their billing status — across 6+ systems in under 2 minutes.

How is Altor different from our support platform?

Pylon, Plain, Zendesk — they route and manage tickets. Altor investigates them. We plug into your existing support tool as the investigation layer. You keep your workflows, we add the diagnosis.

Will Altor take actions without asking?

Not by default. Altor starts as a read-only investigator — it surfaces a diagnosis for your team to review. You control which action types graduate to auto-approval. Destructive actions are never automated.

What if our stack isn't listed?

If an API exists for your system, we can integrate it. The architecture composes tools — it doesn't hardcode connectors. We've yet to encounter a B2B stack we can't connect to.

What does Altor pricing look like?

Usage-based — you pay per investigation, not per seat. Pricing is quoted in USD ($) with no minimum commitment. We'll scope pricing during the demo based on your ticket volume and systems.

Security & Trust

Read-only. Encrypted. No training on your data.

Altor connects to your production systems to run investigations. We take that access seriously. Here is exactly what we do and don't do with your data.

✓Read-only by default

✓TLS 1.2+ encryption

✓No model training

✓SOC 2 in progress

◉

Read-only by default

Every Altor deployment starts with read-only access. We request the minimum permissions required for investigation — read access to logs, bug trackers, billing records, and deployment history. We never request write or delete access without explicit conversation and approval.

⊟

Your data is not used for training

Data from your production systems is used only to generate the investigation diagnosis for that specific ticket. It is never used to train models, improve our general system, or shared with any third party. Your investigation data is yours.

⊞

Encrypted in transit and at rest

All connections between Altor and your production systems use TLS 1.2+ encryption. Data at rest is encrypted using AES-256. Credentials are stored in isolated, encrypted vaults — never in plain text, never in application code.

○

No destructive automation

Write and delete actions are never automated. The read/write/delete permission model is explicit: reads are auto-approved on day one, writes require human approval per action type, and destructive actions are never taken automatically under any circumstances.

Security FAQ

What credentials do you need from us?

Read-only API keys or service account credentials for each connected system (ClickHouse, Linear, Stripe, GitHub, etc.). We document the exact permissions required for each integration before connection. We request nothing beyond what is needed to query the data for investigation.

Where is investigation data stored?

Investigation results are ephemeral. We store the diagnosis output for your team to access, but the raw data queried from your systems is not persisted beyond the investigation session. Investigation logs are retained for 30 days for debugging, then deleted.

Do you have a DPA (Data Processing Agreement)?

Yes. We provide a DPA for enterprise engagements. Email us to request it before your security review.

Can we review your architecture before engaging?

Yes. We provide a security architecture one-pager and are available for a security review call before contract. Email anshul@altorlab.com to request documentation.

What is your SOC 2 status?

SOC 2 Type II audit is in progress. We can share the audit timeline and scope on request. Enterprise customers who need SOC 2 before engagement: contact us to discuss bridging controls.

Do you store our ClickHouse credentials?

Credentials are stored in an encrypted secrets vault (isolated from application infrastructure) with access logged and audited. They are never committed to code, never logged in plaintext, and never accessible to anyone outside the infrastructure.

Need security documentation?

We provide a security architecture one-pager and DPA for enterprise reviews. Email us to request.

Request docs →