Trust & Security
Transparency into how Agentiff.AI protects your data, governs AI decisions, and meets compliance standards.
17 of 22 controls passing
Architecture: Sovereignty-First Orchestration
Credential Isolation
Your integration credentials are encrypted at rest (AES-256-GCM) and decrypted only at sync time. They are never stored in workflow execution history or exposed to AI agents.
Encrypted Local Storage
API keys and secrets on your device are protected by AES-256-GCM encryption with a device-derived key.
Runtime-Only Secret Injection
AI agents never see raw secrets. Credentials are injected at runtime and referenced by name in workflow definitions.
Zero-Vendor Observability
Unlike other platforms, we do not ship your logs to third-party SaaS vendors. All diagnostic data stays within our self-hosted Loki/Grafana stack on bare-metal infrastructure.
End-to-End Traceability
Every AI agent decision is linked to a unique Trace ID, allowing for granular debugging and auditing of Temporal workflows without exposing PII.
Compliance coverage: GDPR, SOC 2 Type II, ISO 42001 (AI Governance)
Data Privacy & Observability
PII Redaction at Edge
Automated regex-based redaction (Promtail/Alloy) scrubs emails, IPs, and third-party tokens (Slack, Google, etc.) before they are written to disk.
Observability Sovereignty
Self-hosted Grafana, Loki, and Tempo stack—diagnostic logs and traces never leave our private network.
90-Day Retention Policy
Automated 90-day retention enforcement active for all diagnostic and audit logs.
Infrastructure Security
Hybrid-Cloud Isolation
Workloads distributed across DigitalOcean and Hetzner bare-metal nodes, secured via private network tunnels and TLS 1.3.
Network Access Control
All services sit behind Cloudflare WAF with HSTS. The application is bound to localhost and proxied via Nginx with authenticated push endpoints.
Distributed Tracing Audit
Full OpenTelemetry (OTEL) integration for Temporal workflows—complete audit trail from API request to background execution.
Encryption
Data in transit (database)
SSL/TLS enforced for all PostgreSQL connections (sslmode=require)
Data at rest (secrets)
AES-256 encrypted vault with runtime-only injection
Data in transit (internal)
Redis and Temporal TLS planned — mitigated by localhost-only deployment
Data at rest (disk)
Full disk encryption planned — mitigated by DC physical security
AI Governance
Human-in-the-loop gates
Destructive operations require explicit human approval
Tool approval system
Session-level tool authorisation planned — HITL gates active for destructive operations
LLM decision audit trail
All LLM calls logged — model, tokens, cost, conversation context
AI model inventory
All models documented — primary, fallback, and per-skill routing
Backup & DR
Local backup
Daily automated PostgreSQL backup
Encrypted offsite backup
Daily AES-256 encrypted backup with 7-day retention
Cloud offsite storage
S3/Backblaze upload ready — credentials pending
Restore testing
Manual restore verified — quarterly automated testing planned
Credential Management
Automated health check
Daily check of 8 credentials — expiry, validity, rotation
OAuth token auto-refresh
Google OAuth refreshed every 50 minutes automatically
Secret injection
AI agents never see raw secrets — runtime injection only
Credential rotation alerts
Slack alerts on credential failures or expiry