Trust Center
Every tool call an agent makes through this platform passes our full governance pipeline — authentication, policy, firewall scan in both directions, and a tamper-evident audit trail.
This page publishes what that costs and how it's built. Measured, not asserted.
Gateway overhead, measured live
The platform's own cost per tool call: total handling time minus the time the upstream MCP server needed. Everything our governance pipeline does happens inside this number. Pulled live from the production gateway — no caching, no curation.
Security architecture
Envelope-encrypted credentials
Secrets are encrypted with per-tenant data keys (DEK/KEK). Credentials are injected into tool calls server-side and never returned to a browser after saving — the UI only ever sees masked previews.
Tamper-evident audit chain
Audit entries are hash-chained: each record commits to its predecessor, so silent modification or deletion of history is detectable. Exports are available to every persona — user, tenant admin, platform admin.
Bidirectional MCP firewall
Requests and responses are scanned before they cross the boundary: secret detection, data-exfiltration patterns, injection heuristics. Verdicts are allow, redact, require human approval, or block — per policy, per tenant, per user.
Agent identities with hard limits
Every agent is a first-class identity with its own token, tool assignments, credentials, and enforceable call budgets. Archiving an agent revokes every authentication path in one transaction.
Compliance & data residency
Hosted in Germany
All platform data — credentials, audit logs, tool traffic — is processed on infrastructure in Germany. No data leaves the EU.
GDPR
Data-processing terms, records of processing, and data-subject tooling (export & deletion) are built into the product. See the privacy policy and DPA.
SOC 2 Type II / ISO 27001
Certification is on the roadmap and not yet complete. We publish this honestly rather than implying otherwise — ask us for the current audit-readiness state.
Independent penetration test
A third-party security assessment is planned; results summary will be published here.
Questions, disclosures, deeper diligence?
Security questions and vulnerability reports: contact us. We answer evaluators' architecture questions directly — including the ones this page doesn't cover yet.