Security
Security by architecture.
Your code and secrets never leave your cloud. The relay holds nothing at rest.
How we protect your data
Six layers of protection.
Source never persisted
In-memory only for run duration. Your tenant cloud is the sole persistence layer.
Least-privilege IAM
Fresh STS tokens per run. Minimum required policy. Expire 15 min after completion.
End-to-end TLS 1.3
Mutual TLS between relay and all tenant clouds. No plaintext, ever.
Tenant isolation
Dedicated VPC for enterprise. Logical isolation at orchestrator and queue layers.
Customer-managed keys
BYO key via AWS KMS, GCP Cloud KMS, or Azure Key Vault. We never hold plaintext.
Zero-trust by default
Every API call signed with short-lived credentials and logged in the audit trail.
Compliance
Honest about where we are.
We will not claim a certification before it is earned. Here is the real status.
SOC 2 Type II
IN PROGRESSType I target Q3 2026
ISO 27001
PLANNEDPost-launch roadmap
GDPR
IN PROGRESSControls designed
CCPA
IN PROGRESSControls designed
HIPAA
PLANNEDEnterprise roadmap
FedRAMP
PLANNEDPost-launch target
Data residency
Deploy where your data lives.
US East (N. Virginia)US West (Oregon)EU West (Dublin)EU Central (Frankfurt)AP Southeast (Singapore)AP Northeast (Tokyo)GovCloudSelf-hosted
Trust, verified.
Request our security questionnaire, architecture overview, or a direct call with our team.
Request security review