Trust & Security

Your data stays yours. Your agents run on isolated infrastructure with enterprise-grade protections.

Infrastructure Security

Every customer gets their own dedicated virtual server. No shared databases. No multi-tenant risk. Your AI agents run in complete isolation.

• Dedicated VPS — Each customer runs on a separate Hetzner Cloud instance (CX31+) in their preferred region
• No shared resources — Your data, configs, logs, and agent memory are physically isolated from other customers
• Firewall rules — Only SSH (key-based, no passwords) and HTTPS ports open. Everything else blocked by default
• Automatic updates — Security patches applied within 24 hours of release via unattended-upgrades

Data Protection

We treat your data like it belongs to you — because it does.

• AES-256 encryption at rest — All stored data encrypted on disk
• TLS 1.3 in transit — All communications encrypted end-to-end
• No training on your data — We never use customer data to train models. Period.
• Data residency — Choose your server region: US East, US West, EU (Frankfurt), or UK (London)
• 30-day deletion — Request account deletion and all data is wiped within 30 days, with cryptographic proof

Access Controls

• 1Password vault per customer — API keys and credentials stored in encrypted vaults, never in plain text
• SSH key-only access — Password authentication disabled on all servers
• Principle of least privilege — Agents only access the systems you explicitly authorize
• Audit logs — Every agent action is logged with timestamps. Available on request.

Compliance

SOC 2 Type I

Kickoff planned for Q2 2026. Our infrastructure already meets SOC 2 Trust Service Criteria for security, availability, and confidentiality.

HIPAA

Healthcare customers get BAA-ready deployments. Isolated infrastructure, encrypted PHI, access logs, and breach notification procedures built in.

GDPR

EU data residency available. Data processing agreements (DPA) provided. Right to deletion enforced. No data leaves your chosen region.

State-Level Regulations

We track evolving AI regulations including Colorado SB 205, NYC Local Law 144, and Illinois BIPA. Our agents are configured to comply with jurisdiction-specific requirements.

AI Model Security

• No data leakage between customers — Each agent instance runs independently with its own context
• Prompt injection defenses — Input validation, output filtering, and sandboxed execution
• Model provider controls — We use Anthropic Claude (SOC 2 Type II certified) with zero data retention agreements
• Human-in-the-loop — Critical actions (sending emails, financial transactions) require approval unless explicitly automated

Incident Response

• 24-hour SLA on security incident acknowledgment
• 72-hour notification for any data breach (GDPR-compliant)
• Post-incident reports provided within 5 business days
• Dedicated security contact for enterprise customers

Uptime & Reliability

• 99.5% uptime SLA for Managed Agent customers
• Automated health checks every 5 minutes
• Auto-restart on failure — systemd watchdog restarts agents within 30 seconds
• Daily encrypted backups with 30-day retention