Security

Security & Compliance at AgentCloud

Enterprise-grade security built into every layer of the platform.

AgentCloud is built for organizations where security is non-negotiable. Every design decision, from infrastructure architecture to data handling policies, is made with enterprise security requirements in mind.

Architecture

Security at every layer

Infrastructure Security

Deployed on enterprise-grade cloud infrastructure with network isolation, DDoS protection, and regular penetration testing.

Data Encryption

All data encrypted at rest (AES-256) and in transit (TLS 1.3). Encryption keys managed per-customer with scheduled rotation.

Access Control

Role-based access control with SSO/SAML support. Agent-level permissions enforced at the API layer. Full access audit logging.

Incident Response

24/7 security monitoring with defined incident response procedures. Customer notification SLAs documented and tested quarterly.

Compliance

Certifications & standards

SOC 2 Type IIIn Progress

Expected Q4 2025. Full report will be available to enterprise customers under NDA.

GDPRCompliant

EU data residency available. Data processing agreements provided on request.

CCPACompliant

Privacy controls and data deletion workflows fully supported.

HIPAABAA Available

Business Associate Agreements available for healthcare customers on enterprise plans.

FedRAMPUnder Evaluation

Under evaluation for government and public sector customers.

Data Handling

How we handle your data

What agents process

Task inputs, tool API responses, and generated outputs. No data is shared across customer tenants.

Retention policy

Configurable retention windows. Default is 90 days. Enterprise customers can configure down to zero retention.

Data deletion

Verified full deletion within 30 days of a customer deletion request. Deletion confirmation provided in writing.

No model training

We do not use customer data to train, fine-tune, or improve AI models under any circumstance.

Private VPC

Private VPC deployment available for customers with zero-egress requirements. Your data never leaves your cloud account.

Testing

Penetration testing & bug bounty

Annual Pen Testing

Third-party penetration testing conducted annually by an independent security firm against the full production environment.

Results Under NDA

Full penetration test reports and remediation documentation shared with enterprise customers under mutual NDA.

Bug Bounty Program

We operate a responsible disclosure and bug bounty program. Researchers who identify and report valid vulnerabilities are rewarded.

Documentation

Need our full security documentation?

Download our security overview or speak directly with our security team about your requirements.

Download Security OverviewTalk to Our Security Team