Security & Compliance

Built for teams that need audit trails.

Enterprise-grade security, compliance, and data protection from day one. Every interaction logged, every decision traceable.

Security by Design

🔐

End-to-End Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256). Your workspace data, memory, and conversation history stay encrypted across our infrastructure.

📋

Complete Audit Trails

Every agent action, tool invocation, and model call is logged with full context. Reconstruct any output end-to-end — who requested it, which agents ran, which models were called, and when.

🔒

Role-Based Access Control

Granular permissions for every workspace. Admins set budgets and access rules, editors do the work, viewers observe. No unauthorized access.

🛡️

SOC 2 Type II (In Progress)

Currently undergoing SOC 2 Type II audit. We're building to the standard from day one — audit readiness is not an add-on.

Compliance & Certifications

SOC 2 Type II
In Progress
Expected completion Q3 2026
GDPR Compliance
Ready
Data residency options, deletion on request
HIPAA Compliance
Roadmap
Enterprise plan feature (Q4 2026)
SSO (SAML, OIDC)
Ready
Enterprise plan feature

How We Protect Your Data

01

Your Keys, Your Control

Bring your own API keys (BYOK) for all AI providers. Your credentials never touch our servers — agents call provider APIs directly using your keys.

02

Zero-Knowledge Architecture

Workspace data is encrypted with keys derived from your account credentials. We can't read your memory, conversations, or file cabinet without your password.

03

Isolated Workspaces

Every workspace runs in its own isolated environment. No cross-workspace data leakage, no shared agent state between projects.

04

Automatic Data Retention Policies

Configure retention policies per workspace. Auto-delete logs, conversation history, and memory after a set period — or keep everything indefinitely.

Security FAQ

Do you train models on our data?

No. We do not train models on your workspace data, conversations, or memory. Your data stays in your workspace and is never used for model training or feature development.

Where is our data stored?

By default, data is stored in US-based AWS regions (us-east-1). Enterprise customers can request EU or APAC data residency.

Can we export our data?

Yes. You can export all workspace data (conversations, memory, file cabinet, audit logs) at any time via the dashboard or API.

What happens if we delete our account?

All workspace data, conversations, memory, and audit logs are permanently deleted within 30 days. We provide a final export opportunity before deletion.

Do you have a bug bounty program?

Not yet, but it's on our roadmap for Q3 2026. If you discover a security issue, please email security@getnodeweaver.com.

Can we get a security questionnaire filled out?

Yes. Enterprise customers receive a dedicated security contact and can request completed security questionnaires. Email enterprise@getnodeweaver.com.

Have security questions?

Our security team is here to answer technical questions, provide documentation, or walk through our architecture.