Isolated by design
Every user's agent runs in its own private, isolated environment, its own machine. Your context and files are kept apart from every other user's.
People hand your agent reminders, bookings, drafts, and personal context. This page explains, in plain terms, how we keep that safe. It also shows how to request our deeper security documentation.
These are things we do today. Nothing here is aspirational.
Every user's agent runs in its own private, isolated environment, its own machine. Your context and files are kept apart from every other user's.
Your data is encrypted on the wire as it moves between systems, and encrypted when it is stored.
Assigned environments are pulled into versioned, append-only cloud backups every few hours. The environments themselves hold zero backup credentials, so they cannot tamper with or delete history. Current data is retained; superseded history expires after 180 days.
Your SMS content is never used for advertising and never sold. Conversion and measurement data shared with ad platforms is hashed only, never plain text. We honor Global Privacy Control and Do-Not-Track automatically.
Outbound messages pass a prohibited-content safety filter before they leave. We follow SMS and TCPA consent rules: text HELLO to opt in, STOP to opt out, HELP for help.
Autogenic Labs has a registered DMCA designated agent with the U.S. Copyright Office (Reg. No. DMCA-1074382), reachable at dmca@autogeniclabs.com.
We share data with the providers that help us run the service, and only as much as each one needs to do its job.
The current list is maintained in our Privacy Policy.
Deeper materials are available to prospects, partners, and investors under a non-disclosure agreement. Request access below and we will send an NDA to sign before sharing.
Our current SOC 2 status and the roadmap toward the report.
A summary of findings and remediation from our most recent penetration test.
Our DPA covering how we process personal data on your behalf.
How the system is built and separated, including isolation and data flows.
How we keep the service running and recover data if something fails.
How we detect, contain, and communicate about a security incident.
The full subprocessor list and how we notify you when it changes.
Tell us who you are and which documents you need. We review requests within two business days and send an NDA to sign before sharing.
Found something? We want to hear about it. Email security@autogeniclabs.com with the details and steps to reproduce. We do not pursue good-faith security research, and we will work with you to confirm and fix what you find.