Trust and security

Hold us to the bar we sell.

We build security software, so we are careful by default and candid about where we are. Here is how Soarcery handles your data, your tools, and the actions it takes on your behalf.

Report a vulnerabilityView subprocessors
Security posture

Designed to limit blast radius.

An automation platform with hands on your tools has to earn trust structurally, not with a promise. These are the controls built into how Soarcery works.

Least privilege

Soarcery connects to each tool with the narrowest scope a workflow needs, and nothing more. Credentials are stored encrypted and never exposed to the model.

Full audit trail

Every investigation and action is logged, attributable to an agent or a person, and replayable end to end. Nothing happens off the record.

Reversible actions

High-impact actions are reversible by design and gated behind human approval where the blast radius is real. An automated step is never a one-way door.

Encryption

Data is encrypted in transit and at rest. Secrets are isolated from workflow logic and from the reasoning layer.

Access control

Role-based access and SSO for enterprise, so the right people hold the autonomy dial and the approval gates.

Tenant isolation

Your data and your workflows are isolated. We do not train shared models on your investigations.

Compliance

Where we are, stated honestly.

We will mark a certification achieved here only when it is. Not a day before.

SOC 2 Type II

Controls implemented, audit underway.

In progress

GDPR alignment

Data handling and subprocessor practices built to support compliance.

Aligning

Penetration testing

Independent testing as part of our path to GA.

Planned

Statuses are illustrative for this prototype.

Data handling

Your data stays yours.

Soarcery processes the data a workflow needs to do its job, and no more. We do not sell data, and we do not train shared models on your investigations. You can see what we store, where, and for how long.

  • Data minimization: only what a workflow needs.
  • No selling of data, ever.
  • Clear retention windows, documented in our terms.
SubprocessorsPrivacy policy
Data sold to third partiesNever
Shared model training on your dataNo
Encryption in transit and at restYes
Tenant isolationYes
Questions about security?

Ask us anything.

Security and compliance questionnaires welcome. We answer like the engineers we are.

Contact securityReport a vulnerability