At DataAgents, security and compliance are fundamental to everything we do. This page outlines our security posture, compliance alignment, and data protection guarantees to help you understand how we protect your data.
Compliance Certifications
We align with industry-leading security standards and frameworks:
- SOC 2 Type II
- GDPR Compliant
- ISO 27001
- HIPAA Ready
Data Protection Principles
We follow privacy-by-design and security-by-default principles:
- Data Minimization: We only collect and process data necessary to provide our services
- Purpose Limitation: Data is processed only for specified, explicit, and legitimate purposes
- Storage Limitation: Data is retained only as long as necessary to fulfill stated purposes
- Accuracy: We maintain processes to ensure personal data is accurate and up-to-date
- Integrity and Confidentiality: We implement appropriate technical and organizational measures to protect data
- Accountability: We maintain comprehensive documentation of our data processing activities and security controls
Infrastructure & Hosting
DataAgents is built on enterprise-grade cloud infrastructure:
Google Cloud Platform (GCP)
- Hosted on Google Cloud Platform with enterprise-grade security
- Data primarily stored in EU regions (Belgium, Netherlands) for GDPR compliance
- GCP maintains SOC 2 Type II, ISO 27001, and HIPAA certifications
- Automatic backups and disaster recovery capabilities
- 99.99% uptime SLA for critical services
Access Control & Identity
We implement multiple layers of access control to protect your data:
- Authentication: JWT-based authentication with secure token management
- Multi-Factor Authentication (2FA): Available for all user accounts
- Role-Based Access Control (RBAC): Users receive access based on their role and responsibilities
- Principle of Least Privilege: Users receive only the minimum access necessary to perform their tasks
- Session Management: Secure session handling with automatic timeouts and token expiration
- No Shared Accounts: Each user must have their own account - shared accounts are prohibited
Encryption & Isolation
Your data is protected by multiple layers of encryption and isolation:
- Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3
- Encryption at Rest: All stored data is encrypted using AES-256 encryption
- Tenant Isolation: Complete logical separation between customer workspaces - no customer can access another customer's data
- Secret Management: Credentials and API keys are stored in encrypted vaults with automatic rotation capabilities
- Key Management: Encryption keys are managed through Google Cloud KMS with hardware security modules (HSMs)
AI Security
Our AI-powered features include robust security measures:
- Schema Validation: All AI-generated actions are validated against predefined schemas to prevent injection attacks
- Sandboxed Execution: AI-generated code runs in isolated sandboxes with strict resource limits
- Audit Logging: All AI actions are logged for compliance and security monitoring
- Human-in-the-Loop: Critical actions require human approval before execution
- No Training on Customer Data: We do not use your data to train our AI models
Network Security
- Web Application Firewall (WAF): Protection against common web attacks (SQL injection, XSS, CSRF)
- DDoS Protection: Automatic DDoS mitigation through Cloudflare
- Rate Limiting: API rate limiting to prevent abuse
- IP Whitelisting: Available for enterprise customers who require additional access controls
Monitoring & Incident Response
- 24/7 Monitoring: Continuous monitoring of all systems and services
- Security Alerts: Real-time alerting for suspicious activities
- Incident Response: Documented incident response procedures with defined SLAs
- Vulnerability Management: Regular vulnerability scanning and penetration testing
- Breach Notification: Notification within 72 hours as required by GDPR
Business Continuity
- Automatic Backups: Daily backups with point-in-time recovery
- Geo-Redundancy: Data replicated across multiple availability zones
- Disaster Recovery: Documented disaster recovery procedures with tested RTOs and RPOs
- 99.9% Uptime SLA: Committed uptime for enterprise customers
Security Contact
For security concerns or to report vulnerabilities:
Security Team: [email protected]
Data Protection Officer: [email protected]
For our Security Pack and compliance documentation, visit Security Pack.
This Security & Compliance page is effective as of January 16, 2026. We continuously update our security measures to protect your data.