Security at TrustScope

We build governance infrastructure for AI agents. Security isn't a feature—it's foundational.

We Eat Our Own Cooking

TrustScope governs its own AI with TrustScope. Every AI call we make—including our detection engines—runs through the same governance infrastructure you use.

Security Principles

Defense in Depth

Multiple layers of security controls ensure no single point of failure can compromise your data.

Least Privilege

Access is granted only to what's necessary. Role-based controls limit exposure across the organization.

Audit Everything

Every action is logged in tamper-evident hash chains. We practice what we preach about audit trails.

Infrastructure Security

Cloud Infrastructure

  • Render — managed compute infrastructure
  • Neon — managed PostgreSQL infrastructure
  • Vercel — edge deployment infrastructure
  • Clerk — authentication and session management
  • Stripe — payments and billing infrastructure

Encryption

  • TLS 1.3 for all data in transit
  • AES-256 encryption at rest
  • Ed25519 signatures for evidence artifacts
  • BYOK (Bring Your Own Key) available for Govern tier

Access Controls

  • Role-based access control (RBAC)
  • SSO/SAML integration (Govern tier)
  • API key scoping and rotation
  • Audit logs for all admin actions

Data Security

Your AI Agent Data

  • Org-scoped multi-tenancy: every query includes WHERE org_id = authenticated
  • We do not train AI models on your data
  • PII is redacted before any external AI engine call (detection engines)
  • Data retention follows your subscription tier (30 days to 7 years)
  • Hash chains provide tamper-evident audit trails
  • Optional blockchain anchoring via OpenTimestamps

Compliance & Certifications

SOC 2 Type II

In progress (Q2 2026)

GDPR

Compliant with DPA available

Responsible Disclosure

We welcome security researchers to report vulnerabilities responsibly. Please email security concerns to:

security@trustscope.ai

We aim to respond within 24 hours and work with researchers to address issues before public disclosure.

Questions about security?

Our team is happy to discuss security requirements for your organization.

Contact Security TeamView DPA