Security Pack for Prospects

Comprehensive security and compliance information for enterprise prospects

This Security Pack provides comprehensive information about DataAgents' security posture, compliance alignment, and data protection measures. This document is designed for enterprise prospects conducting security reviews.

Download Security Pack

Download a complete PDF version of this Security Pack for your security review process.

Security Overview

DataAgents implements enterprise-grade security controls to protect customer data:

  • Encryption: TLS 1.2+ in transit, encryption at rest (GCP managed)
  • Access Control: JWT authentication, 2FA available, RBAC, least privilege
  • Tenant Isolation: Complete logical and physical isolation between customers
  • Monitoring: Comprehensive audit logging and security monitoring
  • Incident Response: Documented procedures with 72-hour breach notification
  • Backup & Recovery: Automated backups with 1-hour RPO, 4-hour RTO

For detailed information, see our Security & Compliance page.

Security Architecture

DataAgents' security architecture implements defense-in-depth with multiple layers of security controls:

Key Architecture Components:

  • Frontend: React application with HTTPS/TLS encryption
  • API Gateway: FastAPI with JWT authentication and rate limiting
  • AI Server: gRPC service with TLS encryption
  • Database: PostgreSQL with tenant isolation and encryption at rest
  • Storage: Google Cloud Storage with encryption and versioning
  • LLM Providers: Encrypted connections to OpenAI, Anthropic, and other providers

A detailed security architecture diagram is available upon request. The diagram shows tenant isolation boundaries, data flow, encryption points, and storage boundaries without exposing sensitive infrastructure details.

SOC 2 Control Summary

DataAgents aligns with SOC 2 Type II security and availability criteria. Key controls include:

Security Controls (CC):

  • CC6 - Access Controls: JWT authentication, 2FA, RBAC, tenant isolation
  • CC7 - System Operations: Comprehensive logging, monitoring, incident response
  • CC8 - Change Management: Code review, CI/CD, testing, rollback procedures

Availability Controls (A):

  • A1 - Capacity Management: Auto-scaling, monitoring, capacity planning
  • A2/A3 - Backup & Recovery: Automated backups, disaster recovery, restore testing

Note: DataAgents is actively preparing for SOC 2 certification and maintains comprehensive documentation of our security controls. We are audit-ready and can provide evidence of our controls upon request.

HIPAA Posture

DataAgents operates with a HIPAA-compliant operating model and can sign a Business Associate Agreement (BAA):

Administrative Safeguards:

  • Workforce security and access management
  • Security awareness and training
  • Incident response procedures
  • Contingency planning

Technical Safeguards:

  • Access control (unique user IDs, authentication, encryption)
  • Audit controls (comprehensive logging)
  • Integrity controls (data validation, backups)
  • Transmission security (TLS encryption)

Physical Safeguards:

  • Reliance on GCP's HIPAA-compliant infrastructure
  • No local PHI storage
  • Cloud-based architecture

Note: HIPAA is not a certification, but we operate with a HIPAA-compliant operating model. We can provide a BAA template for review.

GDPR Guarantees

DataAgents is GDPR compliant and processes personal data in accordance with EU General Data Protection Regulation requirements:

  • Data Subject Rights: Comprehensive support for all GDPR rights (access, rectification, erasure, portability, etc.)
  • Data Processing Agreement: DPA available for signing
  • Sub-Processor Register: Maintained and available upon request
  • Breach Notification: 72-hour notification procedures
  • Data Retention: Policies aligned with GDPR requirements
  • Privacy by Design: Implemented throughout the platform

For more information, see our GDPR & Data Processing Agreement page and Privacy Policy.

Sub-Processors

DataAgents uses the following sub-processors to provide our services:

  • Google Cloud Platform: Infrastructure and storage (SOC 2, ISO 27001, HIPAA certified)
  • OpenAI: LLM services (SOC 2 certified, DPA available)
  • Anthropic: LLM services (SOC 2 certified, DPA available)
  • Stripe: Payment processing (PCI-DSS Level 1, SOC 2 certified)
  • PostHog: Analytics (with user consent, SOC 2 certified)
  • Other sub-processors: See Sub-Processor Register

All sub-processors are bound by data processing agreements and security requirements. We maintain a Sub-Processor Register that is available upon request. We will notify customers of any changes to sub-processors as required by our DPA.

Request Additional Information

For additional security information, security questionnaires, or to request specific documentation:

Data Protection Officer / Security Team:
Email: [email protected]
Address: DataAgents, Sophia Antipolis, France

Additional Resources

This Security Pack is effective as of January 16, 2026, and is updated regularly to reflect our current security posture and compliance alignment.
