
Security & Compliance

Audit-ready by design.

AEGIS is the audit infrastructure for AI agents — it would be embarrassing if our own posture were weaker than what we ship to customers. This page lists exactly what's certified, what's shipped, and what's in progress. Send corrections to security@aegis.dev.

Certifications & frameworks

SOC 2 Type II

Status: in-progress
Target: Q1 2027
Vendor / auditor: Drata + CPA-firm audit

Policies + evidence pipeline live; CPA engagement signed

ISO/IEC 27001

Status: planned
Target: Q3 2027
Vendor / auditor: (not stated)

Follows SOC 2 — same control set, additive review

HIPAA BAA

Status: on-request
Target: (not stated)
Vendor / auditor: (not stated)

Available to Enterprise tier on contract; ePHI handling pre-approved

GDPR / DPA

Status: shipping
Target: now
Vendor / auditor: (not stated)

DPA template available at /dpa; data processor terms standard

EU AI Act Art. 14 (transparency)

Status: shipping
Target: now
Vendor / auditor: (not stated)

Counterfactual explainer + audit log meet decision-explainability requirement

Trust Center. A SafeBase / Whistic-style single-page audit portal launches with the SOC 2 Type II report. In the interim, enterprise customers under NDA can request the policy bundle, network diagram, and detector architecture brief from security@aegis.dev.

Cryptographic audit primitives

Auditors don't trust vendors — they trust mathematics. Every AEGIS deployment ships with cryptographic primitives that make our own infrastructure non-repudiable to your team.

RFC 6962 transparency log

Every audit event is appended to a Merkle tree. Tree heads are signed with Ed25519. Customers cache signed roots locally for offline non-repudiation.

Witness cosignature protocol

Multiple independent signers verify the same tree head — Sigstore-style. Customers verify against ANY witness without trusting AEGIS infrastructure.

Zero-dep offline verifier

A 245-line CLI (`tools/verify-log/index.mjs`) verifies inclusion + consistency proofs with no Node deps beyond the standard library. Runs in any air-gapped environment.

Signed release artifacts

Every npm tarball, PyPI wheel, and gateway Docker image ships with an Ed25519 signature + CycloneDX SBOM + SLSA-compatible attestation. Pin trust on the public key once.

Data handling

Encryption in transit
TLS 1.3 + ALPN preferred; HSTS preload-eligible domains.
Encryption at rest
AES-256 disk encryption on all managed deployments; SQLite + Postgres rows are not application-layer encrypted (workload requires regex/JSON predicates).
Hash algorithms
SHA-256 for content fingerprints + transparency log leaf hashes. Ed25519 for transparency-log root signatures.
Secrets storage
Hashed at rest (SHA-256). Bearer tokens & API keys are emitted exactly once; we cannot retrieve a key you lost.
PII handling
Built-in PII detector runs on every trace ingestion. Detected fields are flagged on the trace + redacted from the cockpit view at the org admin’s option.
Data retention
Per-plan (Free 7d / Pro 30d / Team 90d / Enterprise contractual). Customers can delete data via API or with a single request.
Sub-processors
See https://aegis.dev/subprocessors. Changes are notified ≥ 30 days in advance.
Right to deletion
Self-service via the cockpit; cascade across traces, audit log, transparency log, and DLQ.

Vulnerability disclosure

We follow standard coordinated disclosure. If you find a security issue, please email security@aegis.dev (PGP key at .well-known/security.txt) with reproduction steps. We acknowledge within 48 hours and target a fix within 30 days for HIGH/CRITICAL severity, 90 days otherwise. We credit you in the advisories list unless you ask to stay anonymous.

What's in scope

  • The hosted gateway at gateway.aegis.dev
  • The cockpit app at app.aegis.dev
  • This marketing site at aegis.dev
  • The npm + PyPI release artifacts
  • The desktop installer (any platform we ship)

What's NOT in scope

  • Denial-of-service via volumetric traffic (use the rate-limit instead)
  • Issues that only affect customers' own self-hosted gateways with default test credentials
  • Findings on dependencies that don't materially impact AEGIS
  • Social engineering of staff or contractors

Bug bounty. The HackerOne program launches with the v1.0 GA release. Until then, severity-weighted monetary rewards are paid out of band by direct transfer.

Need a deeper review?

Enterprise security reviews, custom DPA / BAA, SOC 2 evidence shares (under NDA), and architecture deep-dives — all go through security@aegis.dev.