SOC 2 Type II
in-progress- Target
- Q1 2027
- Vendor / auditor
- Drata + CPA-firm audit
Policies + evidence pipeline live; CPA engagement signed
Security & Compliance
Audit-ready by design.
AEGIS is the audit infrastructure for AI agents — it would be embarrassing if our own posture were weaker than what we ship to customers. This page lists exactly what's certified, what's shipped, and what's in progress. Send corrections to [email protected].
Certifications & frameworks
ISO/IEC 27001
planned- Target
- Q3 2027
- Vendor / auditor
- —
Follows SOC 2 — same control set, additive review
HIPAA BAA
on-request- Target
- —
- Vendor / auditor
- —
Available to Enterprise tier on contract; ePHI handling pre-approved
GDPR / DPA
shipping- Target
- now
- Vendor / auditor
- —
DPA template available at /dpa; data processor terms standard
EU AI Act Art. 14 (transparency)
shipping- Target
- now
- Vendor / auditor
- —
Counterfactual explainer + audit log meet decision-explainability requirement
Trust Center. A SafeBase / Whistic-style single-page audit portal launches with the SOC 2 Type II report. In the interim, enterprise customers under NDA can request the policy bundle, network diagram, and detector architecture brief from [email protected].
Cryptographic audit primitives
Auditors don't trust vendors — they trust mathematics. Every AEGIS deployment ships with cryptographic primitives that make our own infrastructure non-repudiable to your team.
RFC 6962 transparency log
Every audit event appends to a Merkle tree. Tree heads signed Ed25519. Customers cache signed roots locally for offline non-repudiation.
Witness cosignature protocol
Multiple independent signers verify the same tree head — Sigstore-style. Customers verify against ANY witness without trusting AEGIS infrastructure.
Zero-dep offline verifier
A 245-line CLI (`tools/verify-log/index.mjs`) verifies inclusion + consistency proofs with no Node deps beyond the standard library. Runs in any air-gapped environment.
Signed release artifacts
Every npm tarball, PyPI wheel, and gateway Docker image ships with an Ed25519 signature + CycloneDX SBOM + SLSA-compatible attestation. Pin trust on the public key once.
Data handling
Encryption in transit
TLS 1.3 + ALPN preferred; HSTS preload-eligible domains.
Encryption at rest
AES-256 disk encryption on all managed deployments; SQLite + Postgres rows are not application-layer encrypted (workload requires regex/JSON predicates).
Hash algorithms
SHA-256 for content fingerprints + transparency log leaf hashes. Ed25519 for transparency-log root signatures.
Secrets storage
Hashed at rest (SHA-256). Bearer tokens & API keys are emitted exactly once; we cannot retrieve a key you lost.
PII handling
Built-in PII detector runs on every trace ingestion. Detected fields are flagged on the trace + redacted from the cockpit view at the org admin’s option.
Data retention
Per-plan (Free 7d / Pro 30d / Team 90d / Enterprise contractual). Customers can delete data via API or with a single request.
Sub-processors
See https://aegistraces.com/subprocessors. Notification on change ≥ 30 days advance.
Right to deletion
Self-service via the cockpit; cascade across traces, audit log, transparency log, and DLQ.
Vulnerability disclosure
We follow standard coordinated disclosure. If you find a security issue, please email [email protected] (PGP key at .well-known/security.txt) with reproduction steps. We acknowledge within 48 hours and target a fix within 30 days for HIGH/CRITICAL severity, 90 days otherwise. We credit you in the advisories list unless you ask to stay anonymous.
What's in scope
- The hosted gateway at
gateway.aegistraces.com - The cockpit app at
app.aegistraces.com - This marketing site at
aegistraces.com - The npm + PyPI release artifacts
- The desktop installer (any platform we ship)
What's NOT in scope
- Denial-of-service via volumetric traffic (use the rate-limit instead)
- Issues that only affect customers' own self-hosted gateways with default test credentials
- Findings on dependencies that don't materially impact AEGIS
- Social engineering of staff or contractors
Bug bounty. The HackerOne program launches with the v1.0 GA release. Until then, severity-weighted monetary rewards are paid out of band by direct transfer.
Need a deeper review?
Enterprise security reviews, custom DPA / BAA, SOC 2 evidence shares (under NDA), and architecture deep-dives — all go through [email protected].