Security & Trust

Trusted with real things.

People hand your agent reminders, bookings, drafts, and personal context. This page explains, in plain terms, how we keep that safe. It also shows how to request our deeper security documentation.

Request our security documentation

Our posture

What we do to protect your data.

These are things we do today. Nothing here is aspirational.

Isolated by design

Every user's agent runs in its own private, isolated environment, its own machine. Your context and files are kept apart from every other user's.

Encrypted in transit and at rest

Your data is encrypted on the wire as it moves between systems, and encrypted when it is stored.

Backed up, tamper-resistant

Assigned environments are pulled into versioned, append-only cloud backups every few hours. The environments themselves hold zero backup credentials, so they cannot tamper with or delete history. Current data is retained; superseded history expires after 180 days.

Your data isn't for sale

Your SMS content is never used for advertising and never sold. Conversion and measurement data shared with ad platforms is hashed only, never plain text. We honor Global Privacy Control and Do-Not-Track automatically.

Compliance built in

Outbound messages pass a prohibited-content safety filter before they leave. We follow SMS and TCPA consent rules: text HELLO to opt in, STOP to opt out, HELP for help.

Registered DMCA agent

Autogenic Labs has a registered DMCA designated agent with the U.S. Copyright Office (Reg. No. DMCA-1074382), reachable at dmca@autogeniclabs.com.

Subprocessors

The service providers we rely on.

We share data with the providers that help us run the service, and only as much as each one needs to do its job.

Anthropic, OpenAI, Google (Gemini)
AI model providers that process the content of your requests to your agent.
exe.dev
Hosts your agent's private working environment.
Amazon Web Services
SMS delivery, application hosting, and storage.
Twilio
SMS message delivery, including carrier registration and routing.
Stripe
Payment processing and subscription management.
PostHog
First-party product and website analytics.
Meta, Google
Advertising measurement and attribution, using hashed data only.
Sampark Inc. (d/b/a Composio)
Connects your third-party accounts, such as Gmail and Calendar, and relays your requests to those services to operate the integration.
Cloudflare
Website hosting and content delivery.

The current list is maintained in our Privacy Policy.

Under NDA

Documentation available under NDA.

Deeper materials are available to prospects, partners, and investors under a non-disclosure agreement. Request access below and we will send an NDA to sign before sharing.

SOC 2 report & roadmap

Our current SOC 2 status and the roadmap toward the report.

Available under NDA Request access

Penetration test summary

A summary of findings and remediation from our most recent penetration test.

Available under NDA Request access

Data Processing Addendum

Our DPA covering how we process personal data on your behalf.

Available under NDA Request access

Security architecture overview

How the system is built and separated, including isolation and data flows.

Available under NDA Request access

Business continuity & disaster recovery plan

How we keep the service running and recover data if something fails.

Available under NDA Request access

Incident response plan

How we detect, contain, and communicate about a security incident.

Available under NDA Request access

Detailed subprocessor list with change notifications

The full subprocessor list and how we notify you when it changes.

Available under NDA Request access
Request access

Ask for our security documentation.

Tell us who you are and which documents you need. We review requests within two business days and send an NDA to sign before sharing.

We review requests within two business days and send an NDA to sign before sharing. Prefer email? Write to security@autogeniclabs.com.

Responsible disclosure

Report a vulnerability.

Found something? We want to hear about it. Email security@autogeniclabs.com with the details and steps to reproduce. We do not pursue good-faith security research, and we will work with you to confirm and fix what you find.