Security
Enterprise-grade trust by default
Autonomous agents are powerful, so we hold them to a high bar. Security and privacy are built into every layer of Elvinx — not bolted on later.
We're a young company and we'd rather be straight with you: our practices are built to GDPR and CCPA standards today, and our SOC 2 and ISO 27001 work is underway. Ask us where things stand any time.
Encryption everywhere
All data is encrypted in transit with TLS 1.3 and at rest with AES-256. Secrets are stored in an isolated, access-controlled vault.
Scoped permissions
Every integration uses least-privilege OAuth scopes. Agents can only touch the systems and actions you explicitly authorize.
SSO & SCIM
Enforce SAML single sign-on and automate user provisioning and de-provisioning with SCIM on Enterprise plans.
Audit logging
Every agent action, data access and configuration change is recorded in a tamper-evident, exportable audit trail.
Data residency
Choose where your data is processed and stored across US and EU regions to meet your regulatory obligations.
No training on your data
Your prompts, context and outputs are never used to train foundation models. Your data stays yours.
Guardrails
Human control over autonomy
Every agent operates inside boundaries you define, with escalation paths when judgment is required.
Approval gates
Require human sign-off before an agent sends an email, moves money or edits production systems.
Action limits
Set rate limits, spending caps and allow-lists so agents can never exceed their mandate.
Full observability
Watch every reasoning step and tool call in real time, and pause or stop a run instantly.
Instant revocation
Disconnect any integration or disable an agent in one click — access is revoked immediately.
Reporting a vulnerability?
We welcome responsible disclosure. Reach our security team directly and we'll respond promptly.