Built for buyers who read the security review.

Architecture

Defence in depth, from SDK to storage.

At the customer perimeter

• PII redaction at the SDK boundary, before any network transmission
• SHA-256 hash of raw payload generated locally — enables verification without storing raw data
• Local disk buffer for offline / air-gapped operation
• Async, batched, encrypted transport — never blocks the agent

In transit

• TLS 1.3 minimum, with mandatory HSTS preload
• API key Bearer authentication, SHA-256 hashed on the server
• Rate-limited and size-capped at the edge before reaching app code

At rest

• AES-256-GCM encryption at the storage layer
• Customer-held signing keys at the Professional tier and above
• UK data residency by default; EU and US optional
• Hash-chain integrity verifiable independently against any read-only copy

Sub-processors

Who handles what.

Sub-processor	Purpose	Region
Supabase Inc.	Postgres hot store, magic-link auth	UK / EU
Amazon Web Services	S3 cold storage, Parquet archive	eu-west-2 (London)
Vercel Inc.	Edge static, Python serverless API	UK edge presence
FreeTSA / Sectigo TSA	RFC 3161 timestamping (optional)	EU
Stripe	Billing	UK / EU

Any change to this list is notified at least 30 days in advance per our standard DPA, and customers may object in writing.