
Security

Our approach to protecting your data, your agents, and your infrastructure. Security is engineered into the platform — not bolted on.

Security Controls

Encryption at Rest: AES-256
Encryption in Transit: TLS 1.3
API Key Storage: Argon2id Hash
Access Control: RBAC + Zero Trust
Audit Logging: Immutable / 1 Year
Penetration Testing: Quarterly
SOC 2 Type II: In Progress
Vulnerability Disclosure: HackerOne Program

Security Practices

Secrets Management

API keys are hashed with Argon2id and salted uniquely per credential. Plaintext secrets are never written to disk or logged. Key rotation is supported at any time without service interruption.

Network Isolation

Agent execution environments are isolated in ephemeral containers with no persistent network access to neighboring tenants. Egress is explicitly allowlisted per agent configuration.

Incident Response

We maintain a documented incident response plan with a 72-hour breach notification commitment. Critical incidents trigger an immediate postmortem, which is published to the status page within 5 business days.

Dependency Management

All dependencies are pinned and continuously scanned with automated vulnerability detection. High-severity CVEs are patched within 24 hours. A software bill of materials (SBOM) is available on request.

Responsible Disclosure

Found a security vulnerability? We operate a responsible disclosure program through HackerOne. We acknowledge reports within 24 hours and pay bounties for confirmed critical findings.

security@dnawerkes.ai