Security

Real infrastructure. Real ownership.

Your code, your docs, your repo. Production runs in your AWS / Azure / GCP / Hetzner — not ours. Per-agent SSH keys. AES-256-GCM at rest. TLS everywhere. The agents work on SaaC; your customers hit your infrastructure. Exit any time.

What you keep
  • 100%
    Of the Git repo and commit history is yours
  • 0 training
    We do not train models on your code or data
  • 30 days
    To export everything after you cancel
  • ED25519 + AES-256
    Per-agent SSH keys. AES-256-GCM at rest.

Multi-tenant isolation

Network-level. Per-org.

Every application is placed into a layered network topology. Routing access without sacrificing tenant isolation — the question every enterprise security review starts with.

saac-public

The shared edge. Only Traefik and app containers join.

  • EDGE
    Inbound routing only. All app containers join this network so Traefik can route inbound traffic to the correct service. It's the only network that touches the public internet edge.
  • EDGE
    Databases never join. Postgres, Redis, and persistent stores stay private. They never see public-internet packets. Period.

saac-org-{id}

The private wall. One network per organization, full stop.

  • PRIVATE
    Dedicated per-org network. Each organization gets its own private Docker network. Apps within the same org talk by service name. Apps from different orgs cannot reach each other — network-isolated by default, no exceptions.
  • PRIVATE
    Service discovery by name. Within saac-org-{id}, containers reach each other by service name. The app talks to postgres:5432 — not an IP, not a host table. If the network changes, the names don't.
  • PRIVATE
    No lateral movement possible. An attacker inside one org's app container cannot reach another org's database. Network-level isolation prevents cross-tenant data breaches entirely. This is not a policy — it is the topology.

Routing separated from data

Why "DBs don't face the internet" is a fact, not a checkbox.

  • RULE
    Only the app container joins saac-public. Traefik routes inbound traffic to the app. The app reaches the database over the org's private network. The database never receives a public-internet packet.
  • RULE
    Cross-org access is explicit and audited. If two orgs ever need to share — they don't, by default. The few cases that require it (your own multi-company portfolio) require explicit configuration and are logged.
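
An added example (not the platform's own code) that audits container-to-network attachments against the rules above, flagging databases on saac-public and containers that bridge two saac-org-{id} networks. The input shape, the role labels and the sample containers are assumptions constructed for illustration.

```python
# Added illustration: audits container-to-network attachments against the
# isolation rules stated on this page. Input shape and role labels are assumed.
import re

PUBLIC_NET = "saac-public"
ORG_NET = re.compile(r"^saac-org-(?P<org>.+)$")
EDGE_ROLES = {"traefik", "app"}   # assumed labels: what may join the edge

def audit_topology(containers):
    """Return a sorted list of (container, finding) rule violations.

    containers: {name: {"role": str, "networks": [str, ...]}}
    """
    findings = []
    for name, info in containers.items():
        nets = set(info["networks"])
        orgs = {m.group("org") for n in nets if (m := ORG_NET.match(n))}
        # Rule: only Traefik and app containers join saac-public.
        if PUBLIC_NET in nets and info["role"] not in EDGE_ROLES:
            findings.append((name, f"{info['role']} attached to {PUBLIC_NET}"))
        # Rule: one private network per organization, never two.
        if len(orgs) > 1:
            findings.append((name, "bridges orgs " + ",".join(sorted(orgs))))
        # Rule: tenant workloads sit on their org's private network.
        if info["role"] != "traefik" and not orgs:
            findings.append((name, "no saac-org-{id} network"))
        # Anything else (e.g. the default bridge) is outside the layered model.
        extra = {n for n in nets if n != PUBLIC_NET and not ORG_NET.match(n)}
        if extra:
            findings.append((name, "unexpected network " + ",".join(sorted(extra))))
    return sorted(findings)

# Constructed sample: org 17 is clean; org 42 has two misconfigurations.
SAMPLE = {
    "traefik":     {"role": "traefik",  "networks": ["saac-public"]},
    "org17-app":   {"role": "app",      "networks": ["saac-public", "saac-org-17"]},
    "org17-pg":    {"role": "database", "networks": ["saac-org-17"]},
    "org42-app":   {"role": "app",      "networks": ["saac-public", "saac-org-42", "saac-org-17"]},
    "org42-redis": {"role": "database", "networks": ["saac-org-42", "saac-public"]},
}

if __name__ == "__main__":
    for container, finding in audit_topology(SAMPLE):
        print(f"{container}: {finding}")
```

A container that bridges two orgs because of an explicitly configured share still appears as a finding, to be matched against the logged configuration.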

Credentials & encryption

Per-agent keys. No shared secrets.

Every agent that touches code gets its own identity. No shared PATs, no service-account credentials floating in a vault that everyone can pluck from.

Per-agent SSH keys

ED25519. One key, one agent, one repo. No exceptions.

  • KEYS
    ED25519 key pair per agent. Every agent with write access gets a unique ED25519 key pair generated at provisioning. Public keys auto-deployed to the org's Git repo. No shared credentials.
  • KEYS
    Private keys encrypted at rest. Private keys never live in plaintext on disk. AES-256-GCM at rest, decrypted only into the running agent's memory at execution time.
  • KEYS
    Audit trail per commit. Every commit is signed with the agent's specific key. "Who wrote this line?" answered with a key id, not a vague "the agents."

Data at rest and in transit

AES-256-GCM at rest. TLS 1.3 in transit. Across the entire stack.

  • REST
    AES-256-GCM at rest. The database, the document store, agent credential store, generated documents — all encrypted at rest. Standard, modern AEAD; not a vendor's home-rolled crypto.
  • TRANS
    TLS 1.3 in transit. Agent-to-HIVE, HIVE-to-orchestrator, dashboard-to-API, customer-site over Let's Encrypt — all TLS 1.3. No plaintext links anywhere in the operational path.
  • TRANS
    Automatic certificate management. Let's Encrypt provisions and renews on every customer subdomain. Zero ops for the customer; expired certs aren't a category of failure on this platform.

Secrets handling

Secrets exist where they're used. Nowhere else.

  • SCOPE
    Per-agent AI credentials. Each agent has its own scoped Anthropic / xAI / model-provider credential. We rotate and rate-limit per agent. No "super-admin" credential exists.
  • SCOPE
    Customer secrets stay in the customer's stack. Stripe keys, Twilio tokens, third-party-vendor creds your company integrates with — they live in your Docker stack, encrypted at rest, never in our metadata or logs.
  • SCOPE
    No telemetry of secret values. Our build pipeline and observability layer redact known secret-shaped strings. We do not transmit or log credential material; we do not need it.

Code, docs, ownership

The portable exit.

Every company built on this platform produces real, portable assets the customer owns outright. If you ever leave, you take it.

What you own from day one

Git repo, Docker stack, docs, domain. Yours.

  • YOURS
    Git repository, full history. Self-hosted (Gitea) by default; can also push to your GitHub or GitLab. Every line agents wrote is attributable to which agent wrote it. Yours from commit one.
  • YOURS
    Docker Compose stack. The exact deployment configuration — fork it, run it on AWS, Hetzner, Render, your own metal. Anywhere Docker runs, your company runs.
  • YOURS
    Generated documents. Strategy, architecture, ICP, tech stack, database design, feature specs — all in your language, exportable as Markdown.
  • YOURS
    Live HTTPS subdomain or your own domain. Default subdomain on startanaicompany.com or bring your own. TLS managed. Move the domain whenever you like.

What happens if you cancel

30 days to export. Then we delete. No soft-retention.

  • EXIT
    30-day export window. After cancellation you get 30 days to pull a single archive containing the Git repo (with commit history), Docker Compose stack, every document, and a runbook for re-deploying anywhere Docker runs.
  • EXIT
    Hard deletion at day 30. After 30 days we delete the company and all its data. No "in case you change your mind" copies, no soft-retention buckets, no shadow backups we forgot about.
  • EXIT
    No data-export tax. Export is included in the Standard plan. We do not charge to give you back what is already yours.

Deploy & operations

Auto-healing. Auto-rollback.

Every production deploy is canary-based blue-green. Two background watchers run on every server, deduplicating signal from noise. Production never goes dark for a release.

Zero-downtime deploys

Canary, then promote. Or roll back automatically.

  • DEPLOY
    Canary container on every deploy. New container spun up alongside the live one — same environment, networks, volume mounts. Zero impact on live traffic during the launch.
  • DEPLOY
    Health-check gating. Traefik runs consecutive health checks against the canary before touching live traffic. Failures auto-roll back. No "is the deploy good?" Slack thread.
  • DEPLOY
    Atomic traffic switch. Traffic routes to the new container only after every check passes. If any fails, the old container keeps serving uninterrupted.
  • DEPLOY
    5-minute rollback window. Old container stays warm for 5 minutes after switch. If errors are detected in that window, traffic flips back automatically.

Auto-healing watchers

Two monitors, both autonomous. Signal, not noise.

  • WATCH
    Crash monitor (container lifecycle). Detects container exits and unexpected restarts in real time. Captures the last log lines before crash; sends the responsible Developer agent a structured notification with process name, exit code, log tail, repro hint.
  • WATCH
    HTTP-error monitor (5xx detection). Parses Traefik access logs in real time, detects 5xx spikes on specific endpoints, then probes the container internally to capture the actual error response.
  • WATCH
    Aggressive deduplication. 30-minute cooldowns, daily caps per issue. Agents receive actionable alerts, not alert storms.
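
An added example (not the platform's own code) of the 5xx detection and deduplication described above, run over constructed Traefik JSON access-log lines. The 30-minute cooldown is from the page; the spike window, threshold, daily cap and the sample service name are assumptions.

```python
# Added illustration: 5xx spike detection with cooldown; thresholds are assumed.
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)    # assumed spike window
THRESHOLD = 3                     # assumed number of 5xx that counts as a spike
COOLDOWN = timedelta(minutes=30)  # cooldown stated on the page
DAILY_CAP = 2                     # assumed; the page gives no figure

def detect_spikes(lines):
    """Return [(HH:MM:SS, service, path, 5xx_count)] for alerts actually sent."""
    recent = defaultdict(deque)   # (service, path) -> timestamps of recent 5xx
    last_alert, sent_today, alerts = {}, defaultdict(int), []
    for line in lines:
        try:
            rec = json.loads(line)
            status = int(rec["DownstreamStatus"])
            ts = datetime.strptime(rec["StartUTC"][:19], "%Y-%m-%dT%H:%M:%S")
            # Drop the query string: it can hold tokens and fragments the key.
            key = (rec["ServiceName"], rec["RequestPath"].split("?")[0])
        except (ValueError, KeyError, TypeError):
            continue              # malformed line: skip it, keep monitoring
        if not 500 <= status <= 599:
            continue
        hits = recent[key]
        hits.append(ts)
        while ts - hits[0] > WINDOW:
            hits.popleft()
        if len(hits) < THRESHOLD:
            continue
        if key in last_alert and ts - last_alert[key] < COOLDOWN:
            continue              # same issue alerted recently
        if sent_today[key, ts.date()] >= DAILY_CAP:
            continue              # daily cap for this issue reached
        last_alert[key] = ts
        sent_today[key, ts.date()] += 1
        alerts.append((ts.strftime("%H:%M:%S"), key[0], key[1], len(hits)))
    return alerts

def sample_line(hms, status, path="/api/orders"):  # builds one constructed log line
    return json.dumps({"StartUTC": f"2024-05-01T{hms}.000000000Z", "DownstreamStatus": status,
                       "RequestPath": path, "ServiceName": "org17-app@docker"})

SAMPLE = [sample_line(t, s) for t, s in [
    ("10:00:00", 500), ("10:00:05", 200), ("10:00:10", 502), ("10:00:20", 500),  # alert
    ("10:00:25", 500), ("10:20:00", 500), ("10:20:01", 500), ("10:20:02", 500),  # cooldown
    ("10:31:00", 503), ("10:31:01", 503), ("10:31:02", 503)]] + ["not json"]     # alert
if __name__ == "__main__":
    print(detect_spikes(SAMPLE))
```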

Pre-deploy validation

What gets caught before a build burns five minutes.

  • CHECK
    Port-binding conflict detection. Catches host port bindings that would conflict with Traefik before the build runs.
  • CHECK
    Database URL sanity check. Flags database URLs pointing to localhost instead of the service name — the most common cause of "works locally, breaks in prod."
  • CHECK
    Missing-Dockerfile detection. Builds that reference a Dockerfile that doesn't exist fail fast, with a human-readable error the agent can fix immediately.
  • CHECK
    .dockerignore conflict detection. Rules that block required build artifacts get flagged before they cause a confusing missing-file error in production.
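
An added example (not the platform's own code) of the first three checks in this list, applied to one parsed Compose service. It assumes Traefik holds host ports 80 and 443, short-syntax port entries, and a caller-supplied set of files in the build context; the sample service is constructed.

```python
# Added illustration of the pre-deploy checks listed above; not the platform's code.
from urllib.parse import urlsplit

TRAEFIK_HOST_PORTS = {80, 443}          # assumption: ports Traefik binds on the host
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
DB_SCHEMES = {"postgres", "postgresql", "mysql", "redis", "mongodb"}

def host_ports(binding):
    """Host ports published by a Compose short-syntax entry ("8080:80", "3000")."""
    parts = str(binding).split("/")[0].rsplit(":", 2)   # drop "/tcp", keep [ip, host, ctr]
    if len(parts) < 2 or not parts[-2]:
        return set()                    # container port only: nothing bound on the host
    lo, _, hi = parts[-2].partition("-")
    return set(range(int(lo), int(hi or lo) + 1))

def validate_service(name, svc, files):
    """svc: one parsed Compose service (dict); files: paths present in the build context."""
    errors = []
    for binding in svc.get("ports", []):
        clash = host_ports(binding) & TRAEFIK_HOST_PORTS
        if clash:
            errors.append(f"{name}: host port {sorted(clash)} conflicts with Traefik")
    env = svc.get("environment", {})
    if isinstance(env, list):           # Compose also allows ["KEY=value", ...]
        env = dict(item.split("=", 1) for item in env if "=" in item)
    for key, value in env.items():
        try:
            url = urlsplit(str(value))
        except ValueError:
            continue                    # not a parseable URL
        if url.scheme.split("+")[0] in DB_SCHEMES and url.hostname in LOOPBACK_HOSTS:
            # Report the host only: the URL itself may carry a password.
            errors.append(f"{name}: {key} points at {url.hostname}; use the service name")
    build = svc.get("build")
    if build is not None:
        dockerfile = build.get("dockerfile", "Dockerfile") if isinstance(build, dict) else "Dockerfile"
        if dockerfile not in files:
            errors.append(f"{name}: {dockerfile} not found in build context")
    return errors

SAMPLE = {  # constructed Compose service definition
    "ports": ["443:8443", "127.0.0.1:9000:9000", "3000"],
    "environment": {"DATABASE_URL": "postgres://app:s3cret@localhost:5432/app",
                    "REDIS_URL": "redis://redis:6379/0"},
    "build": {"context": ".", "dockerfile": "Dockerfile.prod"},
}

if __name__ == "__main__":
    print("\n".join(validate_service("web", SAMPLE, {"Dockerfile", "package.json"})))
```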

We don't train on your data

Your prompts, code, customer data, and internal documents pass through the pipeline unchanged. We do not retain training-set copies. We do not feed your repo into a fine-tune. We do not analyze your strategy documents to improve our model offerings to other customers. Your company stays your company; the only people who see your code are the agents you provisioned and the human teammates you invited.

Sub-processors

We use a small number of sub-processors to operate the platform — Anthropic for the Executor model, xAI for the Coach model, Railway for hosting, Postgres and Redis as data stores, Let's Encrypt for TLS certificates. The complete list lives at /trust. We update it before we add anyone new, with thirty days' notice for any material change.

What is and isn't audited

We are pre-SOC 2. We are honest about it: a small team of Swedes, four months of customers in production, no third-party audit yet. The Phase 2 backlog includes a SOC 2 readiness pack that maps existing controls against the trust criteria and identifies gaps. If you need SOC 2 Type II to sign, talk to us — we can give you a target date. We are not going to claim things we have not earned.

For your own fintech / healthcare / regulated company, the architecture is designed to make a future audit shorter — separate networks, audit-log retention, secrets handling, encryption at rest. You will still need an auditor; we make their job feasible at small-clinic / small-fintech scale.

Vulnerability handling

If you find a security issue: security@startanaicompany.com. Real human response within one business day. We do not run a bug-bounty program at this stage; we do credit responsible disclosure publicly, and we will work with you in good faith on coordinated disclosure timing.


Security FAQ

What CTOs and security buyers actually ask.

Yes — at the Standard plan, on request. We honor it on day one for healthcare-tier customers. The architecture (private networks, audit logs, encryption at rest, TLS everywhere) is BAA-compatible by default; the BAA is a contract layer on top.

Yes. Our standard DPA template is published and we will negotiate variations in good faith. Sub-processor list is public at /trust.

Yes — every organization gets a dedicated private Docker network (saac-org-{id}). An agent in one customer's company cannot reach another customer's database, app container, or filesystem. Cross-tenant access is impossible at the network layer, not just the policy layer.

Anthropic (Executor) and xAI (Coach) by default. Both are signed business contracts with no-training-on-our-data clauses. If you require a specific provider only or want to bring your own keys, we support that on the Standard plan.

Yes, on day one. Your development environment runs inside our SaaC infrastructure — that's where the agents code, test, deploy canaries, iterate on hot-reload. Your production environment runs anywhere you want. Connect your own GitHub or GitLab; connect that repo to any service that runs Docker Compose — AWS (ECS / Fargate / EC2), Azure (Container Apps / VM), GCP (Cloud Run / GKE / GCE), Hetzner, Render, Fly, your own metal. The agents commit to your repo; your CI deploys to your prod. We never touch your prod account; you never depend on ours.

Supported on the Standard plan via WorkOS / Okta / Azure AD. Required by enterprise tier; available on request at smaller scales.

Only with explicit per-system grants. Read-only by default. Write access to a system of record (your ERP, your CRM) is opt-in, audit-logged, and approval-gated.

Every state-mutating endpoint logs an audit entry. Logs are scoped to your organization — your team can see them; we cannot read them at customer scope without explicit grant. Operational logs we use to run the platform are de-identified and contain no customer-data values.

Your Git repo is on Gitea (or your own GitHub/GitLab if you chose), your Docker Compose stack is yours, your generated docs are yours. The runbook for self-hosting is in the export archive. We are explicitly designed to be replaceable at the infrastructure layer — that's the point of the portable exit.

Real infra. Real ownership.

5 days free. Card required, cancel anytime in one click.
