Security & Compliance

Enterprise security, built in — not bolted on

SOC2 compliant. AES-256-GCM encrypted. Immutable audit trail. Because your AI agents handle your most sensitive data — and we protect it at every layer of the stack.

SOC2 Type II Ready
AES-256-GCM
Financial RBAC
Immutable Audit
PII Scrubbing
SAML SSO

Encryption Key Length: 256-bit
Audit Event Types: 210+
Compliance Documents: 29
Vault Security Features: 41
Raw Credentials Exposed to Agents: 0

Encryption at Rest

Every byte encrypted. Per-org, per-key.

Application-layer AES-256-GCM encryption happens before any write hits the database. No cross-org key sharing. Ever.

Per-Org Key Isolation

Each organisation receives a dedicated AES-256-GCM encryption key. Breach of one org's data cannot expose another's — keys never co-mingle at rest or in transit.

AES-256-GCM

Encrypted Data Scope

OAuth tokens, TOTP secrets, agent memory tiers, execution logs, financial transaction data, API keys, webhook secrets — all encrypted before DB writes.

App-layer encryption

Key Rotation

Encryption keys support rotation without service interruption. Re-encryption runs as a background job, and old key versions are securely retired post-migration.

Zero-downtime rotation

Authentication & Access Control

Identity-first. Zero trust by default.

Modern auth stack built on Better Auth with WorkOS SAML SSO. Humans and agents each carry distinct identity tiers with enforced data classification boundaries.

Better Auth Framework

httpOnly cookie sessions (no localStorage tokens), TOTP-based 2FA with backup codes, API keys with per-key rate limiting and fine-grained scopes. JWT fallback for legacy integrations with automatic rotation.

Better Auth, TOTP

WorkOS SAML SSO

Plug-in enterprise identity: Okta, Azure AD, Google Workspace, and any SAML 2.0 provider. JIT provisioning, group-to-role mapping, and session duration controls enforced at the IdP layer.

SAML 2.0, WorkOS

Financial RBAC — 7 Tiers

4 human roles (Admin, Manager, Developer, Viewer) + 3 agent tiers (Tier 1: read-only reporting, Tier 2: operational transactions, Tier 3: strategic planning). Each tier enforces its own data classification ceiling.

Data classification levels: Public, Internal, Confidential, Secret

API Keys & Rate Limiting

Scoped API keys with expiry, per-key rate limits, and automatic revocation on suspicious patterns. All endpoints protected — no unauthenticated surfaces exposed, even internally.

Rate limiting, Scoped keys

Immutable Audit Trail

Every action, permanent record.

Hash-chained, append-only audit log. Tampered records break the chain. Your auditors can verify every event without touching production systems.

210+ Event Types

210+ events logged

Agent actions, human actions, financial transactions, security events, compliance checks, credential access, data exports — all captured with structured metadata, actor identity, and precise timestamps.


Tamper-Evident by Design

Each audit record includes the SHA-3 hash of the previous record. Any modification to historical records breaks the chain — detectable instantly. No silent data manipulation possible.
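The chaining described above can be checked offline from an exported copy of the log. The following is an added example, not the vendor's code: the record fields, the all-zero genesis value, the canonical JSON encoding and the externally stored head hash are assumptions made for the illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash value for the first record


def record_hash(body):
    """SHA3-256 over a canonical JSON encoding of the record body."""
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha3_256(data).hexdigest()


def append(log, actor, event, ts):
    """Append a record that commits to the hash of the previous record."""
    prev = log[-1]["hash"] if log else GENESIS
    body = {"seq": len(log), "ts": ts, "actor": actor, "event": event,
            "prev_hash": prev}
    log.append(dict(body, hash=record_hash(body)))
    return log[-1]


def verify(log, anchored_head=None):
    """Walk the chain and return (ok, reason).

    anchored_head is the last record's hash as stored outside the log
    (an assumption of this example); without it, dropping records from
    the tail leaves a shorter chain that still verifies.
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec.get("seq") != i:
            return False, "record %d: sequence gap" % i
        if rec.get("prev_hash") != prev:
            return False, "record %d: prev_hash mismatch" % i
        if record_hash(body) != rec.get("hash"):
            return False, "record %d: contents do not match hash" % i
        prev = rec["hash"]
    if anchored_head is not None and prev != anchored_head:
        return False, "head differs from anchored value"
    return True, "ok"


def demo_log():
    """Three constructed events; actor and event names are illustrative."""
    log = []
    append(log, "agent:tier2", "transaction.create", "2024-01-01T00:00:00Z")
    append(log, "user:admin", "credential.access", "2024-01-01T00:05:00Z")
    append(log, "agent:tier1", "data.export", "2024-01-01T00:09:00Z")
    return log
```

Editing a record is caught at that record; editing it and recomputing its hash is caught at the next record, whose prev_hash no longer matches.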


Compliance Export

Structured exports for SOC2 assessors, formatted for common GRC platforms. Point-in-time snapshots, date range filtering, actor-scoped queries. Evidence generation takes minutes, not days.


Medic Agent — Self-Healing Compliance

The Medic agent runs nightly security patrols. Permission drift detection, expired credential revocation, audit chain integrity verification, anomaly flagging. Issues are auto-remediated or escalated to humans with full context.

SOC2 Compliance

29 documents. Zero guesswork.

A complete compliance framework — control matrix, risk register, incident response, disaster recovery, and continuous automated monitoring via the Auditor agent.

29 Compliance Documents

Control Matrix — maps controls to TSC criteria
Risk Register — likelihood/impact scoring
Incident Response Plan — with RTO/RPO targets
Disaster Recovery Procedures
Change Management Framework
Vendor Management & Third-Party Risk
Data Classification Policy
Access Review Procedures
+21 additional compliance artifacts

Auditor Agent — Continuous Compliance

The Auditor agent runs nightly security patrols across your entire platform footprint. It checks permission drift, validates encryption at rest, verifies audit chain integrity, and flags deviations before your next assessment.

Expired credentials are auto-revoked. Misconfigurations are surfaced with remediation steps. Compliance posture is always current — not a snapshot.

Nightly patrols, Auto-remediation

Disaster Recovery

Defined RTO and RPO targets with documented runbooks. Automated backup verification, geo-redundant storage, and recovery testing on a regular cadence. Failover procedures tested — not just written.

RTO/RPO defined

Vendor Management

Every third-party integration is assessed for security posture before onboarding. Ongoing vendor review cadence, sub-processor agreements, and data flow documentation for your DPA and privacy obligations.

Third-party risk

Agent Safety & Guardrails

Autonomy with hard limits.

Agents have real autonomy — but inside defined boundaries. Hard limits can never be overridden. Soft limits are configurable by org admins. Every decision is replayable.

Hard vs. Soft Limits

Type | Rule                              | Configurable?
Hard | No production data deletion       | Never
Hard | No external client communications | Never
Hard | No security codebase changes      | Never
Hard | No agent identity impersonation   | Never
Soft | Max cost per bead / per run       | Admin-configurable
Soft | Max consecutive autonomous beads  | Admin-configurable
Soft | Max file changes per PR           | Admin-configurable

Client Content Approval Gate

The enforceClientContentApproval middleware blocks all agent-generated client-facing content until a human approves it. No outbound AI content without a human checkpoint.

Human-in-the-loop

Context Replay Viewer

Step through any agent's decision tree post-hoc. See exactly what context it had, what tools it called, what it considered, and why it made each choice. Full interpretability for any action.

Decision audit

PII Scrubbing Pipeline

All data passing to AI model APIs is routed through a PII detection and scrubbing pipeline. Names, emails, phone numbers, SSNs, financial identifiers — replaced with tokenised placeholders before any LLM call.
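A placeholder-substitution step of the kind described above, as an added example that is not the vendor's pipeline: the regular expressions, the placeholder format and the restore step are assumptions, and it covers only emails, SSNs and phone numbers, since detecting names needs more than pattern matching.

```python
import re

# Assumed patterns for this example. Order matters: SSNs are replaced
# before the looser phone pattern can match them. Names need an NER
# model and are out of scope here.
PATTERNS = [
    ("EMAIL", re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("PHONE", re.compile(r"(?<!\w)\+?\d[\d\s().-]{8,}\d\b")),
]

# Constructed sample input (reserved example domain, fictional 555 number,
# never-issued 000 SSN area).
SAMPLE = ("Refund jane.doe@example.com (SSN 000-12-3456, "
          "tel +1 415 555 0100); cc jane.doe@example.com.")


def scrub(text):
    """Return (scrubbed_text, mapping) with PII replaced by placeholders.

    A repeated value gets the same placeholder, so the model can still
    tell that two mentions refer to the same thing.
    """
    mapping = {}  # placeholder -> original value; never sent to the model
    seen = {}     # original value -> placeholder
    counts = {}   # per-kind counter for placeholder numbering
    for kind, pattern in PATTERNS:
        def sub(match, kind=kind):
            value = match.group(0)
            if value not in seen:
                counts[kind] = counts.get(kind, 0) + 1
                seen[value] = "<%s_%d>" % (kind, counts[kind])
                mapping[seen[value]] = value
            return seen[value]
        text = pattern.sub(sub, text)
    return text, mapping


def restore(text, mapping):
    """Re-insert original values into the model's response."""
    for token, value in mapping.items():
        text = text.replace(token, value)
    return text
```

The mapping stays on the calling side, so only the scrubbed text leaves the trust boundary.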

Pre-LLM scrub

Credential Vault

Agents never see raw credentials.

Zero-knowledge credential vault proxy architecture. Agents call the vault proxy — the vault calls the downstream service. Credentials stay isolated in a separate Bun service. Always.

Zero-Knowledge Proxy Architecture

The credential proxy runs as an isolated Bun service on port 8443, completely separate from the main application. It holds and uses credentials — agents only hold scoped, time-limited proxy tokens. Even if an agent is compromised, the credentials remain unreachable.

Agent → proxy_token → Vault:8443
Vault → raw_credential → Downstream API
Response → scrubbed → Agent
credential never crosses agent boundary

41 Security Features

Encrypted at rest
Break-glass access
Access audit log
Time-limited tokens
Scope enforcement
Auto-expiry
Anomaly detection
Multi-approver unlock
+33 more controls

Break-Glass Emergency Access

Emergency credential access with mandatory dual-approval, full audit trail, automatic expiry, and post-incident review workflow. Every break-glass event triggers immediate notification to security leads with complete context capture.

Break-glass usage is flagged in the compliance dashboard and included in the next audit report — no silent emergency access.

Dual-approval, Full audit

Infrastructure & Observability

Structured logging. Request-ID correlated.

Every request traceable end-to-end. Betterstack structured logs, Sentry error tracking, Bun native WebSocket with org-scoped channels. Isolation at every layer.

Betterstack Structured Logging

Every log line carries a request-ID, org context, actor identity, and trace data. Correlated across services. Searchable, alertable, exportable. No needle-in-haystack debugging.

Request-ID correlation

Sentry Error Tracking

Error events enriched with user context, org ID, request trace, and reproduction breadcrumbs. PII is scrubbed before transmission to Sentry. Alerting on error rate thresholds with Slack/PagerDuty integration.

PII-scrubbed payloads

Per-Org Data Isolation

Middleware-enforced org-scoping on every query. WebSocket channels are org-scoped — no cross-org message leakage possible. API keys cannot access data across org boundaries even if compromised.

Middleware isolation

Security your auditors will love.

Request a security briefing, review the SOC2 documentation, or talk to our team about your specific compliance requirements.