Trust & Safety

Built for enterprise security

AgentAudit is designed with security and compliance at every layer — from encryption at rest to sandboxed validators. Here is how we protect your data.

Encryption

All data is encrypted in transit and at rest using industry-standard protocols.

  • TLS 1.3 for all API and dashboard traffic
  • PostgreSQL encrypted at rest (AES-256)
  • API keys hashed with bcrypt + salt
  • JWT tokens with configurable expiration

Access Control

Role-based access with strict isolation between organizations.

  • Organization-scoped audit logs (row-level isolation)
  • API keys scoped to a single organization
  • Rate limiting on auth and audit endpoints
  • No cross-tenant data access possible

Input Safety

Guardrails against malicious input and ReDoS attacks.

  • Regex patterns limited to 500 characters (ReDoS protection)
  • Custom validators run in an isolated V8 sandbox (isolated-vm, no Node.js access)
  • 100ms timeout on all custom validator executions
  • Zod schema validation on all incoming requests

Compliance

Pre-built rule packs and audit-ready reporting for major frameworks.

  • HIPAA rule pack (SSN, PHI, medical IDs)
  • PCI-DSS / SOX rule pack (credit cards, bank accounts)
  • GDPR / CCPA rule pack (emails, addresses, phone numbers)
  • Exportable CSV/JSON audit reports
Audit-Ready Architecture GDPR Pack Included HIPAA Pack Included

Infrastructure

Hosted on Railway with automatic security patches and health monitoring.

  • PostgreSQL 15+ with connection pooling
  • Helmet.js security headers on all responses
  • CORS configured for production origins only
  • Health checks and auto-restart on failure

Transparency

Open source and independently auditable. You can inspect every line of code.

  • 100% open source (MIT license)
  • Self-hostable on your own infrastructure
  • No third-party data sharing
  • Security issues reported to security@agentaudit.dev
Source Code ↗ Report Issue