The EZ4YouTech.com platform
One secure company workspace per client. Connect your AI provider account means you connect your own paid AI provider account; we route requests and do not mark up usage. How it works · Security · Pricing
Technical overview for IT and security reviewers
How the platform works
Three roles: one isolated company workspace per business. Everyday common utility tools plus one industry pack; depth grows by plan tier. Browse apps by industry.
Security at a glance
Built for client-facing and regulated work. We describe an enterprise-ready architecture. We do not claim SOC 2, ISO 27001, or HIPAA unless agreed in a signed contract.
- your AI provider account (Bring Your Own Subscription): your API keys, encrypted per company; never logged; billed by your provider
- Tenant isolation:
tenant_id on every JWT-backed request and storage path
- Role separation: admins configure keys; users run apps without handling secrets
- No data resale: subscription revenue only; prompts not sold for ads or model training
Core security controls
How we protect tenant data and credentials in the live application.
Authentication & access
- JWT with
tenant_id, plan, and role on every API call
- bcrypt password hashing; login rate limiting per IP
- RBAC: platform operator, partner, company admin, user
- Plan gating: app catalog and agent seats enforced server-side
provider account & data handling
- Fernet-encrypted provider keys in MongoDB Atlas
- Keys decrypted only for outbound provider requests
- Uploads and run history under
tenant_id/ storage paths
- Production security headers (HSTS, X-Frame-Options, Referrer-Policy)
Deeper diagrams: Architecture & security guide · Security FAQ
Technology stack & operations
For IT and security reviewers: USA production posture (May 2026).
- Azure production stack: Container Apps + Key Vault + Blob Storage
- MongoDB Atlas: tenants, users, usage, and encrypted subscription credentials
- provider account routing: tenant-owned keys to supported providers (try-order when multiple are configured)
- Tenant isolation: enforced by
tenant_id across API and storage paths
Production stack
| Layer | Technology | Role |
|---|
| Edge | HTTPS, CDN | TLS for marketing site and platform hostname |
| Application | FastAPI + Next.js | REST API and agent/admin workspace UI |
| Compute | Azure Container Apps | Managed runtime, tagged releases |
| Secrets | Azure Key Vault | JWT key, encryption key, Mongo URI, not in git |
| Database | MongoDB Atlas (M10) | Tenants, users, encrypted subscription credentials, usage |
| Storage | Azure Blob | Tenant-scoped documents and artifacts |
| AI | OpenAI, Together, Groq, xAI (Grok), DeepSeek, Mistral, Fireworks, OpenRouter, Azure OpenAI | Customer keys; billed on your provider account |
Security & data protection
| Area | Practice |
|---|
| Data in transit | TLS 1.2+ end-to-end |
| Secrets at rest | Fernet encryption for AI subscription credentials |
| Tenant isolation | API checks + tenant_id/ blob paths |
| Logging | No keys, passwords, or raw prompts in app logs |
| Ops | Azure Monitor; Atlas backups; blob soft-delete |
Your responsibilities
Supported AI providers
Connect the AI services you already use. You pay providers directly; EZ4YouTech.com does not markup tokens.
Your company admin configures credentials and try-order in the Secure AI Platform setup tab (comparison table with illustrative list prices). Router-ready providers:
- OpenAI, Together AI, Groq, Fireworks AI, DeepSeek, Mistral AI
- xAI (Grok): different vendor from Groq (groq.com)
- OpenRouter, Azure OpenAI
Anthropic, Google Gemini, and AWS Bedrock appear in the setup comparison; native API routing ships in a later release. Legacy Anyscale keys are not offered for new setups.
FAQ: supported providers · Open live platform setup
