Security controls
AES-256-GCM encrypted provider keys with key versioning, scoped internal auth headers, route-level authorization, and three-state content safety verdicts on every execution.
Trust is a product feature.
Built for high-stakes AI workflows. Every control maps to concrete evidence so security and compliance reviews get references, not claims.
AES-256-GCMEncryption at rest
SOC 2 Type IIIn progress
GDPRCompliant
ISO 27001Aligned
Evidence map
Privacy and data handling
Clear policies for data use, request deletion flows, and in-product controls for personal and workspace context boundaries.
Reliability and failure recovery
Provider circuit breakers with automatic failover, typed API contracts, explicit error messaging, and user-actionable recovery pathways across every flow.
Legal and support channels
Dedicated contacts for legal, privacy, and support requests with direct escalation paths.
Data handling
GDPR compliance
EU data processing, right to access, right to deletion, and data portability for all user data.
Data retention
Execution logs retained 90 days. Memory entries persist until deleted. Provider keys encrypted at rest, never logged.
Access control
API key scoping, org-level isolation, workspace-level provider configs, and role-based access for team workspaces.
Operating principles
- No silent failures: if we can identify cause, we show it and provide next action.
- No hidden state: setup, billing, and key surfaces expose current state and next available action.
- No dead ends: every recovery message includes an immediate button or link to resolve.
Contact and escalation
For security, privacy, or legal requests, use the direct channels below. Include your workspace ID and request type to speed triage.