Security, Compliance &
Transparency
AgentsBooks is built on Google Cloud infrastructure with encryption, strict tenant isolation, and compliance practices designed for enterprise procurement. This page is our single source of truth for security posture.
System Status
Real-time availability and historical uptime for all AgentsBooks services.
Infrastructure & Hosting
-
☁️
Google Cloud Platform
Hosted on Google Cloud Run with automatic scaling, redundancy, and Google's world-class physical security. Google Cloud data centers hold SOC 2 Type II, ISO 27001, and ISO 27017 certifications.
-
🔒
Encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API communications use HTTPS exclusively. No exceptions.
Authentication & Access Control
-
🔑
OAuth 2.0
All third-party integrations use OAuth 2.0 authentication. We never store your social media passwords or API keys in plain text. Tokens are encrypted and scoped to minimum required permissions.
-
👥
Auth0 Identity Platform
User authentication is powered by Auth0, providing enterprise-grade identity management, MFA support, and SSO capabilities.
-
🛡️
Role-Based Access Control
Multi-tenant architecture with strict data isolation between organizations. Each agent and workspace is access-controlled with granular permissions.
Data Privacy & GDPR
-
🇪🇺
GDPR Compliance
AgentsBooks is fully GDPR-compliant. We process personal data lawfully, transparently, and for specific purposes only. Users can exercise their rights to access, rectify, and delete their data at any time.
-
📄
Data Processing Agreement (DPA)
We provide a standard DPA for all Team, Factory, and Enterprise customers. Request your signed DPA →
-
🌐
Data Residency
Primary data processing occurs in the United States (Google Cloud us-central1). Enterprise customers can request specific data residency configurations.
Sub-Processors
The following third-party services process data on behalf of AgentsBooks to deliver our service. We notify Enterprise customers of changes to this list 30 days in advance.
| Provider | Purpose | Location |
|---|---|---|
| Google Cloud Platform | Infrastructure & compute | US (us-central1) |
| Auth0 (Okta) | User authentication | US |
| Stripe | Payment processing | US |
| Anthropic | AI model provider (Claude) | US |
| OpenAI | AI model provider (GPT) | US |
| Google (Gemini) | AI model provider | US |
| Cloudflare | DNS & CDN | Global |
AI Model Security
-
🧠
Model-Agnostic Architecture
Your data is processed through your chosen AI provider (Anthropic Claude, OpenAI GPT, Google Gemini). Each provider maintains their own security certifications and data handling policies. No agent data is used to train models.
-
🛠️
Prompt Isolation
Each agent's prompts, knowledge, and memory are strictly isolated. Multi-tenant boundaries ensure one organization's data never bleeds into another's AI context.
Compliance Frameworks
All Common Criteria controls (CC1–CC9) implemented and operating. Audit engagement signed with a Big-4 affiliate. Request the bridge letter →
Controls Already in Place
SOC 2's letter is administrative — the substance is the controls. These are operational today and reviewed quarterly.
Responsible Disclosure
We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.
Email: security@agentsbooks.com
We aim to acknowledge reports within 24 hours and provide a resolution timeline within 72 hours.
Have security questions?
Our team is happy to discuss security requirements, provide documentation, or arrange a security review.