|Documentation
dataworkers

Security & Compliance

This document describes the security architecture, data protection mechanisms, access controls, and compliance posture of Data Workers.

Architecture Security

Zero-trust model. Every agent-to-agent and agent-to-tool call is authenticated and authorized. No implicit trust between services.

  • Mutual TLS (mTLS) for all inter-service communication
  • Short-lived credentials with 15-minute TTL (configurable), automatically rotated. Rotation is transparent to active sessions.
  • Static keys are eliminated wherever possible through automated credential management
  • Service identity verified on every request

Data Protection

Encryption:

  • AES-256 encryption at rest
  • TLS 1.3 for all data in transit
  • Customer-managed encryption keys (BYOK) supported

PII handling:

  • PII is automatically detected and scrubbed before any LLM processing
  • Raw PII is never stored in vector databases or long-term memory
  • Detection covers common PII types: names, emails, phone numbers, SSNs, credit card numbers, addresses
  • Custom PII patterns can be configured for domain-specific sensitive data

Data Residency

VPC and on-premise deployments ensure data stays in your chosen region and never leaves your network perimeter. SaaS deployments are available in US and EU regions. Contact us for specific region availability.

Access Control

  • OAuth 2.0 authentication on all MCP connections
  • Read-only by default — agents observe before they act
  • Configurable approval gates per agent, per operation type
  • Least-privilege access provisioning — agents request only the permissions they need
  • Role-based access control (RBAC) with pre-defined roles: Admin, Operator, Viewer. Custom roles available in Enterprise tier.

Audit & Compliance

Audit logging:

  • Immutable, append-only audit logs for every agent action
  • 7-year log retention
  • Logs are queryable by agent, action type, time range, and outcome
  • Full decision reasoning chains are captured for every action

Compliance posture:

  • Architected to meet SOC 2 Type II and HIPAA requirements
  • Continuous dependency monitoring with quarterly security assessments
  • Annual penetration testing

Incident Response

  • Automated detection and remediation for known incident patterns
  • Escalation paths for novel incidents that fall outside known patterns
  • Full decision audit trails available for forensic analysis
  • Post-incident reports generated automatically with timeline, root cause, and remediation steps
Developer GuideConfiguration