Security you can verify

Encryption everywhere

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API keys are hashed before storage.

Network isolation

Production services run in private subnets with strict security groups. No direct public access to databases or internal services.

Continuous monitoring

24/7 infrastructure monitoring, anomaly detection, and automated alerting across all production systems.

Minimal data collection

We collect only the data required to operate the service. Usage logs are not linked to individual identities.

No advertising tracking

We do not use cookies or similar technologies for advertising or cross-site tracking. Zero third-party ad trackers.

Data retention controls

Data is retained only as long as needed. You can request account deletion and removal of all associated personal information.

Full audit trail

Every API call is logged with metadata, timestamps, and execution context for complete traceability.

RBAC access control

Role-based access control with scoped API keys and configurable permission boundaries.

Sandboxed execution

Agent calls execute in isolated, session-scoped environments. No shared state across tenants.

Report vulnerabilities to our security team. We aim to acknowledge reports within 48 hours and provide a resolution timeline within 5 business days.

Reporting guidelines

• •Provide a detailed description with reproduction steps
• •Do not access or modify other users' data
• •Allow reasonable time for a fix before public disclosure
• •Do not use automated scanning tools against production systems