AgentCompliant

Enterprise security by design

AgentCompliant is built from the ground up with security-first architecture for enterprises that can't afford to compromise on AI governance.

Defense in depth for governed AI

Encryption, identity, auditability, and isolation are first-class — not bolted on after the fact.

End-to-end encryption

AES-256 at rest, TLS 1.3 in transit.

Sensitive fields encrypted with industry-standard algorithms.

Role-based access control

Clerk-powered RBAC with org-level isolation.

Least-privilege defaults for every user and service account.

Immutable audit trail

Append-only audit tables with hash chain verification.

Tamper-evident history across engines and gateway events.

API authentication

Bearer token + API key dual auth on all endpoints.

Scoped keys with plan-aware rate limits at the gateway.

Data isolation

Per-organization schema isolation.

No cross-tenant leakage — every query scoped by org.

Infrastructure

OCI cloud with VPC isolation.

Automated backups and monitored availability targets.

Built for regulated industries

Roadmap items are planned attestations and programs.

EU AI Act, NIST AI RMF, ISO 42001, NYC Local Law 144, Colorado SB 205, CCPA/CPRA, GDPR, HIPAA, SOX, FINRA AI, OCC Guidance, FTC Act Section 5

Roadmap: SOC 2 Type II, FedRAMP, OECD AI Principles, Canada AIDA

Your data stays yours

  • US-based OCI infrastructure — data residency aligned with our hosted regions and your contractual requirements.
  • Configurable retention policies per organization for audit and compliance evidence.
  • Full data deletion on account termination — including GDPR Article 17 right-to-erasure workflows.
  • We never use your data to train AI models — your governance data is not repurposed for model training.

Sub-processors

  • Clerk — authentication and organization management
  • Stripe — billing and subscription management
  • Anthropic — AI analysis for compliance and product features (under data processing terms)

Reliability and protection

  • 99.9% uptime SLA target for the hosted platform.
  • Automated database backups with tested restore procedures.
  • DDoS protection via Cloudflare at the edge.
  • Dual-window token bucket rate limiting on all API endpoints.

Governance for AI, governed by principles

Bias monitoring — continuous signals and evaluations to surface drift and unfair outcomes before they reach production scale.

Explainability — traceable decisions and documented reasoning paths so teams can answer “why” for auditors and executives.

Human-in-the-loop (HITL) — approvals and escalations where autonomy must yield to human judgment.

Kill switch — instant containment when risk exceeds policy, with audit evidence of who acted and when.

Ready to secure your AI agents?

Start a trial or talk to us about architecture reviews, DPA terms, and enterprise deployment options.