Isolated Sandboxes
Each agent runs in an isolated microVM with strict resource limits and network policies.
Security & Compliance
Security & Compliance
Auteryn is built with enterprise-grade security from the ground up. Your data, your agents, and your customers are protected by industry-leading security practices.
๐
SOC 2 Type II
Certified
๐ก๏ธ
GDPR
Compliant
โ
99.9%
Uptime SLA
๐
AES-256
Encryption
Security Overview
Data Encryption
In Transit:
- TLS 1.3 for all API communications
- Perfect forward secrecy
- Certificate pinning for mobile apps
- Encrypted WebSocket connections
At Rest:
- AES-256 encryption for all stored data
- Encrypted database backups
- Encrypted file storage (S3 with SSE)
- Hardware security modules (HSM) for key management
Infrastructure Security
Network Segmentation
Multi-layer network isolation between customer environments, control plane, and data plane.
DDoS Protection
CloudFlare Enterprise with automatic DDoS mitigation and WAF protection.
Intrusion Detection
Real-time monitoring with automated threat detection and response.
Access Control
Authentication:
- Multi-factor authentication (MFA) required for all accounts
- SSO support (SAML 2.0, OAuth 2.0)
- API key rotation and expiration policies
- Session management with automatic timeout
Authorization:
- Role-based access control (RBAC)
- Principle of least privilege
- Granular permissions per agent and resource
- Audit logs for all access events
Compliance & Certifications
SOC 2 Type II
Auteryn has completed SOC 2 Type II audit covering:
- Security - Protection against unauthorized access
- Availability - System uptime and performance
- Processing Integrity - Complete and accurate processing
- Confidentiality - Protection of confidential information
- Privacy - Collection, use, and disposal of personal information
Download SOC 2 Report โ (requires NDA)
GDPR Compliance
We are fully compliant with EU General Data Protection Regulation:
- Data Processing Agreement (DPA) available
- Right to access - Export your data anytime
- Right to erasure - Delete your data on request
- Data portability - Standard export formats
- Privacy by design - Built into our architecture
- EU data residency - Available for Enterprise customers
Additional Compliance
CCPA
California Consumer Privacy Act compliant. User data rights respected.
HIPAA
HIPAA-ready infrastructure available for healthcare customers (Enterprise).
ISO 27001
Information security management system certification (in progress).
Data Privacy
Data Collection
We collect only whatโs necessary:
- Account data - Email, name, organization
- Usage data - Agent runs, API calls, feature usage
- Content data - Agent instructions, knowledge base content
- Conversation data - Agent interactions (encrypted)
Data Usage
Your data is used only for:
- Providing the Auteryn service
- Improving platform performance
- Security and fraud prevention
- Compliance with legal obligations
We never:
- Sell your data to third parties
- Use your data to train public AI models
- Share your data without explicit consent
- Access your data without authorization
Data Retention
- Active accounts - Data retained while account is active
- Deleted accounts - Data deleted within 30 days
- Backups - Retained for 90 days for disaster recovery
- Logs - Security logs retained for 1 year
Data Location
- Primary region - US East (Virginia)
- Backup region - US West (Oregon)
- EU region - Available for Enterprise (Frankfurt)
- Custom regions - Available for Enterprise
Sandbox Security
Isolation
Each agent sandbox is isolated using:
- MicroVMs - Firecracker-based virtualization
- Network isolation - Private VPC per customer
- Resource limits - CPU, memory, disk quotas
- Process isolation - Separate user namespaces
Monitoring
All sandbox activity is monitored:
- System calls - Tracked and logged
- Network traffic - Inspected and filtered
- File access - Monitored and restricted
- Resource usage - Tracked and limited
Automatic Shutdown
Sandboxes automatically shut down:
- After 24 hours of inactivity
- When resource limits are exceeded
- On suspicious activity detection
- On manual termination
Incident Response
Security Monitoring
24/7 security operations center (SOC) monitoring:
- Real-time threat detection
- Automated incident response
- Security information and event management (SIEM)
- Vulnerability scanning and patching
Incident Response Plan
In case of a security incident:
- Detection - Automated alerts and monitoring
- Containment - Immediate isolation of affected systems
- Investigation - Root cause analysis
- Remediation - Fix vulnerabilities and restore service
- Notification - Inform affected customers within 72 hours
- Post-mortem - Document and improve processes
Vulnerability Disclosure
Found a security issue? We have a responsible disclosure program:
- Report to: security@auteryn.ai
- Response time: Within 24 hours
- Bug bounty: Available for qualifying vulnerabilities
- Hall of fame: Recognition for security researchers
Enterprise Security Features
Advanced Security
Available on Enterprise plans:
SSO Integration
SAML 2.0, OAuth 2.0, LDAP integration with your identity provider.
IP Allowlisting
Restrict access to specific IP ranges or VPN endpoints.
Audit Logs
Comprehensive audit trail of all user and agent actions.
Custom Encryption
Bring your own encryption keys (BYOK) for data at rest.
Private Cloud
Deploy Auteryn in your own AWS/GCP/Azure account.
Dedicated Support
24/7 security support with dedicated security engineer.
Compliance Support
We help you meet your compliance requirements:
- Security questionnaires - Pre-filled templates
- Vendor assessments - Support for your procurement process
- Custom DPAs - Tailored data processing agreements
- Compliance documentation - Policies, procedures, certifications
Security Best Practices
For Administrators
- Enable MFA - Require for all team members
- Use SSO - Centralize authentication
- Review permissions - Audit access regularly
- Monitor activity - Check audit logs weekly
- Rotate keys - Update API keys quarterly
For Developers
- Secure API keys - Never commit to version control
- Use environment variables - Store secrets securely
- Limit permissions - Grant minimum necessary access
- Validate inputs - Sanitize all user inputs
- Monitor usage - Set up alerts for unusual activity
For Agents
- Principle of least privilege - Grant only necessary tools
- Sandbox isolation - Keep agents in isolated environments
- Knowledge base security - Encrypt sensitive documents
- Regular audits - Review agent conversations
- Incident response - Have a plan for agent misbehavior
Uptime & Reliability
Service Level Agreement (SLA)
99.9% uptime guarantee for Pro and Enterprise plans:
- Monthly uptime: 99.9% (43 minutes downtime/month)
- Incident response: < 15 minutes
- Status page: status.auteryn.ai
- SLA credits: Automatic for missed targets
Infrastructure
- Multi-region deployment - Automatic failover
- Load balancing - Distributed across availability zones
- Auto-scaling - Handles traffic spikes automatically
- Disaster recovery - RPO < 1 hour, RTO < 4 hours
Monitoring
- Real-time monitoring - All services monitored 24/7
- Automated alerts - Immediate notification of issues
- Performance tracking - API latency, error rates, uptime
- Incident management - PagerDuty integration
Questions?
Common Security Questions
Q: Where is my data stored?
A: Primary data is stored in US East (Virginia) with backups in US West (Oregon). EU data residency available for Enterprise.
Q: Can Auteryn access my data?
A: Only authorized support engineers with explicit customer permission can access data for troubleshooting. All access is logged.
Q: How do you handle AI model security?
A: We use enterprise API endpoints from OpenAI, Anthropic, and Google with strict data processing agreements. Your data is not used for model training.
Q: What happens if thereโs a breach?
A: We follow our incident response plan and notify affected customers within 72 hours as required by GDPR.
Q: Can I run Auteryn in my own cloud?
A: Yes, private cloud deployment is available for Enterprise customers.
Contact Security Team
For security inquiries:
- General questions: security@auteryn.ai
- Vulnerability reports: security@auteryn.ai
- Compliance requests: compliance@auteryn.ai
- Enterprise sales: sales@auteryn.ai
Response time: Within 24 hours for all security inquiries.