SOC 2 ready. HIPAA compatible. GDPR compliant. Every action audited.
Compliance
We meet the security standards your organization requires before you even ask.
Independent audit of security controls, availability, processing integrity, confidentiality, and privacy.
Full data subject rights support, lawful processing bases, and data processing agreements.
Technical safeguards, access controls, and audit logging meeting HIPAA Security Rule requirements.
Military-grade encryption for all data at rest. TLS 1.3 for all data in transit.
Security Architecture
Nine layers of security, from database isolation to sandbox execution, protecting every byte and every action.
Every database query is automatically scoped to the requesting organization. No data leakage between tenants, ever.
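What "automatically scoped to the requesting organization" means in practice is that the tenant predicate is applied by the data layer itself, not by each caller remembering to add it. The following is an added illustration, not the product's own code: a small query wrapper over an in-memory SQLite table (standing in for the PostgreSQL backend) that requires a tenant context, allowlists table and column identifiers, and ANDs the caller's filter onto the org_id predicate so it can narrow but never widen the scope. The table, columns and sample rows are constructed for the example.

```python
# Added example (not the product's own code): a query layer that scopes every
# read to the calling organization. Table, columns and sample rows are constructed.
import sqlite3
from typing import Optional, Sequence

# Allowlist of tables and columns: identifiers never come from request input.
ALLOWED = {"documents": ("id", "org_id", "title")}

SCHEMA = ("CREATE TABLE documents "
          "(id INTEGER PRIMARY KEY, org_id TEXT NOT NULL, title TEXT NOT NULL)")

# Constructed sample data: two tenants sharing one table.
SAMPLE_ROWS = [("org_a", "Q3 roadmap"), ("org_a", "Vendor list"), ("org_b", "Payroll export")]


def build_db() -> sqlite3.Connection:
    """Create the constructed multi-tenant table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO documents (org_id, title) VALUES (?, ?)", SAMPLE_ROWS)
    return conn


class TenantScope:
    """Every query issued through this object carries the org_id predicate;
    callers have no code path that omits it."""

    def __init__(self, conn: sqlite3.Connection, org_id: str):
        if not org_id:
            raise ValueError("tenant context is required")  # fail closed, never "all tenants"
        self._conn = conn
        self._org_id = org_id

    def select(self, table: str, columns: Sequence[str],
               where: Optional[str] = None, params: Sequence = ()) -> list:
        cols = ALLOWED.get(table)
        if cols is None or any(c not in cols for c in columns):
            raise ValueError("unknown table or column")
        sql = f"SELECT {', '.join(columns)} FROM {table} WHERE org_id = ?"
        if where:
            # The caller's filter is ANDed onto the tenant predicate, so it can
            # only narrow the result set, never reach into another organization.
            sql += f" AND ({where})"
        sql += " ORDER BY id"
        return self._conn.execute(sql, (self._org_id, *params)).fetchall()

    def get_by_id(self, table: str, row_id: int) -> Optional[tuple]:
        """Direct-object lookup: a valid id belonging to another tenant yields None,
        not the row, which is the behaviour that blocks cross-tenant enumeration."""
        rows = self.select(table, ALLOWED.get(table, ()), "id = ?", (row_id,))
        return rows[0] if rows else None
```

In a real deployment the same guarantee is usually enforced a second time in the database (for PostgreSQL, row-level security policies keyed on a session tenant setting), so that a bug in the application layer cannot widen the scope on its own.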
Five governance agents evaluate every action before execution: Guardian, Budget, Compliance, Security, and Optimization.
Every decision, every agent action, every data access — logged with full timestamp, user context, and reasoning chain.
Per-agent and per-studio spend caps with real-time tracking. Budget Agent blocks execution when limits are reached.
Agents earn autonomy over time through measurable performance. New agents start supervised. Proven agents act independently.
Scoped, rotatable, and hash-stored API keys. Per-key permissions, rate limits, and expiration policies.
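The three properties in that line (scoped, rotatable, hash-stored) fit together in one small design, shown here as an added example rather than the product's own implementation. The key format, the "sk_" prefix and the in-memory store are assumptions made for illustration. The server keeps only a SHA-256 digest of each key plus its scopes and expiry; verification recomputes the digest and compares it in constant time, a per-key scope check gates each action, and rotation issues a replacement with the same scopes while revoking the old key.

```python
# Added example (not the product's own code): scoped, hash-stored API keys
# with expiry and rotation. Key format, prefix and store layout are assumptions.
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

KEY_PREFIX = "sk_"  # assumed prefix so leaked keys are recognisable to secret scanners


@dataclass
class KeyRecord:
    key_id: str
    key_hash: bytes          # SHA-256 of the full key; the plaintext is never stored
    scopes: frozenset        # per-key permissions
    expires_at: float        # UNIX timestamp
    revoked: bool = False


def _hash_key(plaintext: str) -> bytes:
    # The secret part carries 256 bits of entropy, so plain SHA-256 suffices;
    # a slow password hash is only needed for low-entropy, human-chosen secrets.
    return hashlib.sha256(plaintext.encode()).digest()


class KeyStore:
    """In-memory stand-in for a keys table; holds hashes and metadata only."""

    def __init__(self) -> None:
        self._records: Dict[str, KeyRecord] = {}

    def issue(self, scopes: Iterable[str], ttl_seconds: int,
              now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        key_id = secrets.token_hex(8)
        plaintext = f"{KEY_PREFIX}{key_id}.{secrets.token_urlsafe(32)}"
        self._records[key_id] = KeyRecord(
            key_id, _hash_key(plaintext), frozenset(scopes), now + ttl_seconds)
        return plaintext  # shown to the caller exactly once; only the hash is kept

    def _lookup(self, plaintext: str) -> Optional[KeyRecord]:
        if not plaintext.startswith(KEY_PREFIX) or "." not in plaintext:
            return None
        key_id = plaintext[len(KEY_PREFIX):].split(".", 1)[0]
        rec = self._records.get(key_id)
        if rec is None:
            return None
        # Constant-time comparison so timing does not reveal how many bytes matched.
        if not hmac.compare_digest(rec.key_hash, _hash_key(plaintext)):
            return None
        return rec

    def authorize(self, plaintext: str, required_scope: str,
                  now: Optional[float] = None) -> bool:
        """True only for a valid, unexpired, unrevoked key that holds the scope."""
        now = time.time() if now is None else now
        rec = self._lookup(plaintext)
        if rec is None or rec.revoked or now >= rec.expires_at:
            return False
        return required_scope in rec.scopes

    def rotate(self, plaintext: str, ttl_seconds: int,
               now: Optional[float] = None) -> Optional[str]:
        """Issue a replacement with the same scopes and revoke the presented key."""
        rec = self._lookup(plaintext)
        if rec is None or rec.revoked:
            return None
        rec.revoked = True
        return self.issue(rec.scopes, ttl_seconds, now)
```

Rate limiting is the one property from the line not shown here; it would hang off the same `KeyRecord` (a counter and window per key_id) and be checked in `authorize` before the scope test.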
Enterprise identity federation with your existing identity provider. SCIM provisioning for automated user lifecycle.
Four-tier classification system: Public, Internal, Confidential, and Restricted. Agents respect classification boundaries.
All generated code runs in E2B isolated sandbox environments. No access to host system, network, or other tenant data.
The Service Engine
Nothing executes without oversight. Every agent action flows through five gatekeepers that evaluate, approve, or block in real time.
Guardian
Validates every action against business rules and organizational policies before execution.
Budget
Tracks real-time spend per agent and studio. Blocks execution when caps are reached.
Compliance
Ensures regulatory requirements are met. Industry-specific rules for HIPAA, SOX, PCI-DSS.
Security
Monitors for anomalous behavior, data exfiltration attempts, and privilege escalation.
Optimization
Identifies inefficiencies and suggests improvements. Prevents redundant or wasteful operations.
Data Handling
Complete transparency about how we store, encrypt, retain, and delete your data.
All data resides in Supabase PostgreSQL databases hosted on AWS infrastructure. US-based regions by default, with EU and APAC options for enterprise customers.
AES-256 encryption for all stored data, including database records, file uploads, and cached embeddings. Keys are managed through AWS KMS with automatic rotation.
TLS 1.3 enforced on all connections. HTTP Strict Transport Security (HSTS) headers. Certificate pinning for API communications.
Configurable retention policies per studio. Default 90-day retention for audit logs, 30 days for agent execution logs. Enterprise customers control all retention windows.
Full data deletion on request. All user data, agent configurations, studio content, and associated embeddings are permanently removed within 30 days of a verified request.
Need on-premise hosting, dedicated infrastructure, or a custom compliance configuration? Our enterprise team will work with your security requirements.
Contact sales
Security features are included in every plan. SOC 2, SSO, and advanced compliance are available on Team and Enterprise tiers.
View pricing