Trust Center
AI agents your auditor can also trust.
Every agent action is attributable, contemporaneously logged, hash-chained with HMAC anchored to GCP KMS, approval-gated above customer-defined thresholds, runtime scope-restricted, and exportable as auditor-grade evidence.
Controls overview
The eight load-bearing controls that make every agent's work defensible — all shipped today.
| Control | How it works | Status |
|---|---|---|
| Tamper-evident audit log | Every agent action is appended to a hash-chained audit log signed with an HMAC key rooted in Google Cloud KMS. Any retroactive edit breaks the chain and is detectable by replay. | Shipped |
| Separation-of-duties approvals | Sensitive agent changes require a second-party approval. The owner/admin who edited the agent cannot also approve the change — enforced server-side at decision time. | Shipped |
| Per-agent runtime policies | Each agent runs against a declarative policy: allow-listed tools, cost ceilings, network-egress allow-list, and approval gates. Violations short-circuit the tool call before any side effect. | Shipped |
| Evidence export | Owners can export a signed ZIP for any date range — manifest, body.tsv, and HMAC signature — suitable for auditor handoff or regulator request. | Shipped |
| Compliance-profile flip | Switching an org to the Regulated Industry profile raises retention to 7 years, forces PII filtering on, and pins the audit-signing version. The flip is itself an audit event. | Shipped |
| PII redaction | Prompts and responses pass through a configurable redactor before reaching upstream model providers. Detected SSNs, account numbers, and free-text PII are replaced with type-preserving placeholders. | Shipped |
| Retention sweep | A nightly sweep deletes records past the org’s retention horizon and prunes the audit chain forward, leaving a signed checkpoint. Every deletion is logged with a tombstone entry. | Shipped |
| KMS-rooted signing | All audit signatures derive from a Cloud KMS-managed signing key. Key rotation is supported, and previous signature versions remain verifiable indefinitely against archived public material. | Shipped |
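
How replay verification of a hash-chained, HMAC-tagged log detects a retroactive edit or a dropped entry, as an added example that is not the product's own code. The entry layout, the all-zero genesis value, the `expected_head` parameter and the in-memory key are assumptions for illustration (the page states the real key is rooted in Cloud KMS); the sample log is constructed. It also shows that removing entries from the tail is caught only when the chain head is compared with a separately stored value.

```python
import copy
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # assumed anchor for the first entry


def _tag(key, prev, record):
    # Canonical JSON so a record always serializes to the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev + body, hashlib.sha256).digest()


def append(log, key, record):
    """Append a record; its tag covers the previous entry's tag."""
    prev = bytes.fromhex(log[-1]["mac"]) if log else GENESIS
    log.append({"record": record, "mac": _tag(key, prev, record).hex()})


def verify_by_replay(log, key, expected_head=None):
    """Return None if the chain verifies, else the index of the first bad
    entry (len(log) when only the head check fails, i.e. tail truncation)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = _tag(key, prev, entry["record"])
        if not hmac.compare_digest(expected.hex(), str(entry.get("mac"))):
            return i
        prev = expected
    if expected_head is not None and not hmac.compare_digest(prev.hex(), expected_head):
        return len(log)
    return None


def demo():
    key = b"constructed-demo-key"  # constructed; stands in for a KMS-held key
    log = []
    for seq, action in enumerate(["agent.run", "tool.call", "approval.grant"]):
        append(log, key, {"seq": seq, "actor": "agent-7", "action": action})
    head = log[-1]["mac"]  # value an auditor would store outside the log
    edited = copy.deepcopy(log)
    edited[1]["record"]["action"] = "tool.skip"  # retroactive edit
    return {
        "intact": verify_by_replay(log, key, head),
        "edited": verify_by_replay(edited, key, head),
        "dropped": verify_by_replay(log[:1] + log[2:], key, head),
        "truncated_no_anchor": verify_by_replay(log[:2], key),
        "truncated_anchored": verify_by_replay(log[:2], key, head),
    }
```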
What we do not claim
Honest > shiny. Where we don't yet have the certification or the property, we don't claim it.
- ❌ CMMC
- ❌ FedRAMP
- ❌ ITAR
- ❌ GovCloud
- ❌ SOC 2 (in progress; not certified)
- ❌ DCAA-certified
- ❌ "Immutable" (we say tamper-evident)
- ❌ "Blockchain" (we say hash-chained, append-only)
Stripe & PCI posture
Payments are processed via Stripe Checkout. Cardholder data (PAN) never touches our infrastructure; Stripe Checkout handles the entire card-capture surface. We hold a Stripe customer ID and a subscription ID, nothing more.
Subprocessors
The third parties that touch customer data in the course of normal operations.
| Vendor | Use |
|---|---|
| GCP | Primary cloud, KMS, storage, Firestore. |
| Temporal Cloud | Workflow orchestration. |
| Anthropic | Claude family models. |
| OpenAI | GPT family models. |
| Firebase | Auth + client-side state for the admin app. |
| Stripe | Payments (Stripe Checkout; no PAN on our infra). |
| SendGrid | Transactional and inbound email. |
| Mercury | Customer banking integrations (read-only via OAuth where used). |
Contact
Security reports, compliance questions, and auditor crosswalk requests all reach our security team.
Last reviewed against the shipped product: May 29, 2026