Security
Last updated: 18-Aug-2025
We take a “defense-in-depth” approach combining secure cloud infrastructure, strong access controls, encryption, monitoring, and a formal incident response playbook.
1) Architecture & Hosting
- Clouds: Multi‑cloud deployment on AWS and Microsoft Azure.
- Regions & residency: Default regions selected for performance and reliability; data residency options available for Enterprise plans (contact sales).
- Isolation: Production services run in isolated VPC/VNet environments with least-privilege security groups/NSGs and WAF in front of public endpoints.
2) Data Protection
- Encryption in transit: TLS 1.2+ for all external and internal endpoints.
- Encryption at rest: Managed encryption for databases, object storage, and backups (AWS KMS/Azure Key Vault).
- Secrets management: Scoped API keys and credentials stored in cloud secret managers; automatic rotation for core secrets.
3) Identity, Access & Audit
- SSO/MFA: SSO available on Enterprise plan.
- RBAC: Role-based access controls for tenant admins, users, and billing roles available on Enterprise plan.
- Audit trails: Administrative actions and agent runs are logged with timestamps; immutable logs retained per policy on Enterprise plan.
4) Application Security
- SDLC: Code reviews, automated dependency scanning, CI checks, and least-privilege service accounts.
- Vulnerability management: Monthly scans; critical issues triaged immediately; patch SLAs based on severity.
5) Business Continuity
- Backups & recovery: Encrypted daily backups; point-in-time recovery for primary databases; restoration drills at least twice per year.
- High availability: Redundant instances and auto-scaling across availability zones where supported.
6) Incident Response
- Incidents triaged by severity.
- Customer notification without undue delay and, where applicable, within 72 hours of confirming a breach affecting personal data.
- Root-cause analysis and corrective actions shared for material incidents.
7) Sub‑processors
We use reputable vendors (e.g. AWS, Microsoft Azure, email and analytics providers) to deliver the service.
8) Customer Controls
- Data export & deletion: Admins can export and request deletion of customer data.
- Retention settings: Configurable retention for agent outputs on Enterprise plans.
- API & Webhooks: Scoped keys and IP allow-listing available on Enterprise plan.
Security questions? Email albert@agentsverse.cloud.