Audit-ready out of the box.
Every project ships inside a microVM, every change rides through typecheck and lint, every action lands in your audit log. The controls your buyer asks for, on day one.
- SOC 2
- Type II, audited annually
- AES-256
- Encryption at rest, TLS 1.3 in transit
- 0
- Cross-tenant network access, ever
What ships with every plan.
SOC 2 Type II
Audited annually by an independent assessor. Reports + bridge letters available under NDA.
Encryption everywhere
AES-256 at rest, TLS 1.3 in transit. Per-tenant data keys rotated automatically.
Per-project microVMs
Every sandbox runs in a Firecracker microVM with its own kernel boundary. No cross-tenant network.
SSO + SCIM
Okta, Azure AD, Google Workspace, Ping. Provision and deprovision seats from your IdP.
Audit log export
Every agent turn, deployment, and admin action streams to your SIEM via webhook or S3 drop.
DPA + sub-processor list
GDPR / UK-GDPR DPA available for all paid plans. Full sub-processor list published and versioned.
Need our security pack?
We send a full bundle to qualified prospects: SOC 2 report, penetration-test summary, sub-processor list, DPA, BCP/DR plan, and our incident response runbook. Reply takes under 24 hours on weekdays.
Security questions.
No. Private projects are never used to train shared models. The only models that touch your code are the inference calls you explicitly trigger.