SECURITY & TRUST
Built for the agents you would let near production.
Per-colony isolation, encryption in transit and at rest, scoped credentials, and a full audit trail. Here is exactly how it works, and what we can and cannot yet claim.
Isolation in numbers
One stack per customer. No noisy neighbor.
Every colony is provisioned with its own runtime, database, volume, and secret bundle at sign-up. Colonies never share state with another customer, and customer business data lives in the colony's own Postgres, never in a shared control plane.
- runtime: 1 per colony; single-tenant runtime on a dedicated cloud machine, no shared compute
- database: 1 per colony; single-tenant Postgres on a per-colony volume, no shared schema
- encryption at rest: AES-256; encrypted volume for data, vault-managed secret bundle for keys
- encryption in transit: TLS 1.3; mandatory, HSTS preloaded, no plain HTTP
- operator read access: denied; break-glass access is logged and time-expiring, never standing
data + keys
Your data and your keys stay yours.
The control plane holds only the SaaS layer: which account exists, who owns which colony, and billing identity. Every piece of your business data lives in your colony's own database.
- Customer business data lives in the colony's own Postgres, scoped per customer. It is never written to a shared control-plane database and never queried across tenants.
- LLM keys and integration secrets are stored encrypted and injected into the colony as scoped secrets at provision time. They are never logged or stored in plaintext.
- At v1 the platform runs on a managed Anthropic key; a bring-your-own-key path is on the roadmap. When it ships, your key follows the same encrypted, per-colony secret handling.
- You can export or delete your colony's data. Deleting a colony tears down its runtime, database, and volume.
subprocessors
Who we rely on, named.
The third parties that process data on our behalf are listed in the Privacy Policy and kept current. The active list:
- Fly.io Inc
- Supabase Inc
- Vercel Inc
- Clerk Inc
- Stripe Inc
- OpenAI OpCo LLC
- Anthropic PBC
- Google LLC
- Functional Software, Inc (Sentry)
- Resend Inc
certifications
What we can claim today, honestly.
We will not say we hold a certification we are still working toward. Here is the real state. Anything still in flight is flagged for verification.
- SOC 2 Type II: In progress
- ISO 27001: Planned
- HIPAA BAA: On request (Enterprise)
- DPA: Available
Live uptime and incident history are on the status page. Send us your vendor security questionnaire and we will turn it around in two business days.
responsible disclosure
Found something? Tell us.
We respond within one business day, acknowledge with a tracking ID, and keep you in the loop until resolution. We do not run a paid bounty yet, but we credit reporters publicly with permission.

Need a vendor security review?
Send us your questionnaire and we will turn it around in two business days. For disclosures, email the security desk above.
