TRUST CENTER
What we do with your data.
agentwach watches autonomous agents on behalf of teams that cannot afford to be wrong about who has access to what. Here is exactly how we handle the data you send us.
Compliance posture
SOC 2 Type II
In progress. Controls aligned to the Trust Services Criteria; external audit scheduled.
HIPAA
Designed to support. Architecture supports teams preparing for HIPAA workflows. BAA available on the Business plan.
ISO 27001
Designed to support. Information-security controls mapped; certification not yet held.
GDPR
Compliant. EU-region database hosting, DPA available, data-export and deletion endpoints.
Subprocessors
| Vendor | Purpose | Region |
|---|---|---|
| Supabase | Primary database, auth, file storage | EU (Frankfurt) |
| Cloudflare | CDN, edge compute, DDoS protection | Global |
| Stripe | Payment processing and billing | US / EU |
| Resend | Transactional email delivery | US |
| OpenAI / Anthropic / Google | Optional model providers for diagnose feature | US |
Encryption & retention
- API keys stored as SHA-256 hashes; raw keys never persisted server-side.
- All traffic encrypted in transit (TLS 1.3) and at rest (AES-256).
- Event retention defaults to 14 days on Free, 30 days on Team, 90 days on Business.
- Workspace deletion purges all events, agents, and token usage within 30 days.
Security contact
Report a vulnerability to security@agentwach.com. We acknowledge within one business day.
Need a DPA, BAA, or completed security questionnaire? Contact sales.