
Security & Compliance

Security for production AI, built as an AI Governance Platform.

AgentID is designed for regulated environments where runtime controls, forensic evidence, and operational transparency matter as much as encryption and storage security.

Runtime Security Model

Why AgentID’s security model is built as an AI Governance Platform, not a static compliance layer

Static compliance layers describe what should happen. AgentID is built to help enforce what can happen in production. That means pre-execution controls, immutable event trails during operation, and forensic evidence for incident review, audits, and enterprise accountability.

Pre-execution controls

Policy can act before risky prompts, files, or tool calls proceed.

Immutable runtime evidence

Operational events are preserved as durable audit and forensic records.

Governance tied to security

Security posture is linked to runtime policy, oversight, and evidence, not just infrastructure settings.

Data Privacy Framework

GDPR role clarity by design.

Data Processor

Within our SDK and API services, we operate as a processor. We secure data flows, apply PII scrubbing, and maintain encrypted logging under customer instruction.

Data Controller

We act as controller only for customer account administration, dashboard analytics, and billing operations required to deliver the service.

Data Residency

Regional deployment options include EU-only hosting for teams requiring strict GDPR-aligned data locality and governance controls.

Technical Security

Infrastructure hardened for enterprise AI traffic.

Encryption by default

AES-256 at rest and TLS 1.3 in transit across APIs, logs, and operational telemetry.

Forensic-Grade Envelope Encryption

Data is protected at rest with AES-256 envelope encryption: each payload is encrypted under its own data key, and that data key is in turn encrypted under a separately held master key, so the master key never touches bulk data and can be rotated by re-wrapping data keys rather than re-encrypting every record. Runtime processing takes place in ephemeral process memory; plaintext is not written to durable storage.
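The envelope pattern described above, as an added example that is not AgentID's own code: a fresh 256-bit data key (DEK) per record, the payload sealed under the DEK with AES-256-GCM, the DEK sealed under a key-encryption key (KEK), and only the two ciphertexts persisted. Binding the record identifier as GCM associated data is an assumption of this example (it stops one record's envelope being swapped for another's), and the KEK is held in memory here purely for illustration; a production deployment would keep it in a KMS or HSM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Envelope is what lands on disk: payload ciphertext plus the data key
// encrypted under the KEK. Neither plaintext nor a raw DEK is persisted.
type Envelope struct {
	WrappedDEK []byte // DEK sealed with AES-256-GCM under the KEK
	Ciphertext []byte // payload sealed with AES-256-GCM under the DEK
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-GCM and prefixes the random nonce to the output.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, g.Seal(nil, nonce, plaintext, aad)...), nil
}

// open reverses seal; it fails if the ciphertext or the AAD was altered.
func open(key, blob, aad []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], aad)
}

// NewKey returns 32 random bytes, usable as either a KEK or a DEK.
func NewKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := rand.Read(k)
	return k, err
}

// Encrypt creates a per-record DEK, seals the payload with it, wraps the DEK
// under the KEK, then scrubs the raw DEK. recordID is bound as AAD (example
// design choice, not something the page specifies).
func Encrypt(kek, plaintext, recordID []byte) (*Envelope, error) {
	dek, err := NewKey()
	if err != nil {
		return nil, err
	}
	ct, err := seal(dek, plaintext, recordID)
	if err != nil {
		return nil, err
	}
	wrapped, err := seal(kek, dek, recordID)
	if err != nil {
		return nil, err
	}
	for i := range dek { // best-effort scrub; the DEK lives only in memory
		dek[i] = 0
	}
	return &Envelope{WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// Decrypt unwraps the DEK under the KEK, then opens the payload.
func Decrypt(kek []byte, env *Envelope, recordID []byte) ([]byte, error) {
	dek, err := open(kek, env.WrappedDEK, recordID)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return open(dek, env.Ciphertext, recordID)
}

// Rotate re-wraps the DEK under a new KEK. The payload ciphertext is untouched,
// which is the operational benefit of the envelope pattern for key rotation.
func Rotate(oldKEK, newKEK []byte, env *Envelope, recordID []byte) (*Envelope, error) {
	dek, err := open(oldKEK, env.WrappedDEK, recordID)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	wrapped, err := seal(newKEK, dek, recordID)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedDEK: wrapped, Ciphertext: env.Ciphertext}, nil
}

func main() {
	kek, _ := NewKey()
	id := []byte("evt-0001") // constructed sample record identifier
	env, _ := Encrypt(kek, []byte("prompt: summarise the Q3 ledger"), id)
	pt, _ := Decrypt(kek, env, id)
	fmt.Printf("persisted %d-byte wrapped DEK + %d-byte ciphertext; recovered %q\n",
		len(env.WrappedDEK), len(env.Ciphertext), pt)
}
```

Two checks worth keeping in mind when reviewing a real implementation: decryption must fail when the envelope is presented under a different record identifier (otherwise envelopes can be transplanted between records), and after rotation the old KEK must no longer open the envelope while the stored payload ciphertext is byte-for-byte unchanged.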

WORM audit trail

Audit events are written to write-once, read-many (WORM) storage, so a record cannot be edited or deleted after it is committed; later events can only be appended. This preserves forensic-grade records for incident review and audit.
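WORM storage is a property of the storage layer; what an auditor can independently check is a tamper-evident chain over the records. The following is an added example, not AgentID's implementation: each event carries the SHA-256 of the previous entry, and verification recomputes every hash and link. The event fields and the sample events are constructed for illustration. Verification also takes an externally anchored head hash, which is the example's own design choice: without it a chain cannot detect deletion of the most recent entries, since a truncated chain is still internally consistent.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"time"
)

// Event is one operational record (prompt, file or tool-call decision).
// Field set is illustrative, not the page's schema.
type Event struct {
	Seq      uint64 `json:"seq"`
	Time     string `json:"time"` // RFC 3339 UTC
	Actor    string `json:"actor"`
	Action   string `json:"action"`
	Decision string `json:"decision"`
	Prev     string `json:"prev"` // hex SHA-256 of the previous entry
	Hash     string `json:"hash"` // hex SHA-256 over all fields above
}

// genesis is the link value of the first entry.
var genesis = hex.EncodeToString(make([]byte, 32))

// digest hashes the canonical JSON of an entry with its own Hash blanked.
// Struct field order is fixed, so the encoding is canonical for this type.
func digest(e Event) string {
	e.Hash = ""
	b, _ := json.Marshal(e) // cannot fail for a struct of plain strings/ints
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Log is append-only by construction: it exposes no edit or delete method.
type Log struct{ entries []Event }

// Append links a new event to the current head and returns it.
func (l *Log) Append(now time.Time, actor, action, decision string) Event {
	e := Event{
		Seq:      uint64(len(l.entries)),
		Time:     now.UTC().Format(time.RFC3339Nano),
		Actor:    actor,
		Action:   action,
		Decision: decision,
		Prev:     l.Head(),
	}
	e.Hash = digest(e)
	l.entries = append(l.entries, e)
	return e
}

// Head is the hash an operator would anchor externally (publish, sign, or
// record out of band) so that tail truncation becomes detectable.
func (l *Log) Head() string {
	if len(l.entries) == 0 {
		return genesis
	}
	return l.entries[len(l.entries)-1].Hash
}

// Entries returns a copy, so callers cannot mutate the log's own slice.
func (l *Log) Entries() []Event { return append([]Event(nil), l.entries...) }

// Verify recomputes every hash and link and checks the chain ends at
// expectedHead. It returns -1 on success, otherwise the index of the first
// bad entry (len(entries) if only the head anchor fails, i.e. truncation).
func Verify(entries []Event, expectedHead string) (int, error) {
	prev := genesis
	for i, e := range entries {
		if e.Seq != uint64(i) {
			return i, fmt.Errorf("entry %d: sequence gap (got seq %d)", i, e.Seq)
		}
		if e.Prev != prev {
			return i, fmt.Errorf("entry %d: link does not match previous hash", i)
		}
		if digest(e) != e.Hash {
			return i, fmt.Errorf("entry %d: contents altered", i)
		}
		prev = e.Hash
	}
	if prev != expectedHead {
		return len(entries), fmt.Errorf("head mismatch: chain may be truncated")
	}
	return -1, nil
}

func main() {
	var l Log
	ts := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // constructed timestamps
	l.Append(ts, "agent-7", "tool_call:shell", "blocked")
	l.Append(ts.Add(time.Second), "agent-7", "prompt", "allowed")
	head := l.Head()
	tampered := l.Entries()
	tampered[0].Decision = "allowed" // retroactive edit an auditor must catch
	i, err := Verify(tampered, head)
	fmt.Printf("first bad entry: %d (%v)\n", i, err)
}
```

The chain makes edits, deletions and truncation evident; it does not by itself prevent them, which is why the storage layer still needs to be write-once and the head hash still needs to be anchored somewhere the log writer cannot rewrite.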

Compliance Standards

Mapped to the controls your auditors ask for.

Core AI Governance: SOC 2 (Type I & II), EU AI Act, ISO/IEC 42001. Data Privacy & State Laws: GDPR, CCPA, Colorado AI Act.

Core AI Governance

  • SOC 2 (Type I & II): support through strict RBAC, encrypted payload separation, immutable audit trails, and single-truth event lifecycle controls.
  • EU AI Act: support through record-keeping, AI risk tier mapping, prompt/output logging, and human-oversight metrics.
  • ISO/IEC 42001: support through automated AI risk assessments, model drift monitoring, and forensic audit evidence.

Data Privacy & State Laws

  • GDPR and CCPA: support through strict PII leakage blockers, redaction before upstream LLM delivery, and developer-isolated encrypted payload handling.
  • Colorado AI Act: support through decision logging, risk categorization, and forensic oversight for algorithmic transparency.

Supporting security posture

  • Encryption in transit and at rest, WORM-style audit preservation, regional deployment controls, and runtime policy enforcement.