Security

Enterprise-grade trust by default

Autonomous agents are powerful, so we hold them to a high bar. Security and privacy are built into every layer of Elvinx — not bolted on later.

gpp_goodGDPR-alignedpolicyCCPA-alignedpendingSOC 2 — in progressscheduleISO 27001 — on roadmap

We're a young company and we'd rather be straight with you: our practices are built to GDPR and CCPA standards today, and our SOC 2 and ISO 27001 work is underway. Ask us where things stand any time.

Encryption everywhere

All data is encrypted in transit with TLS 1.3 and at rest with AES-256. Secrets are stored in an isolated, access-controlled vault.

Scoped permissions

Every integration uses least-privilege OAuth scopes. Agents can only touch the systems and actions you explicitly authorize.

SSO & SCIM

Enforce SAML single sign-on and automate user provisioning and de-provisioning with SCIM on Enterprise plans.

Audit logging

Every agent action, data access and configuration change is recorded in a tamper-evident, exportable audit trail.

Data residency

Choose where your data is processed and stored across US and EU regions to meet your regulatory obligations.

No training on your data

Your prompts, context and outputs are never used to train foundation models. Your data stays yours.

Guardrails

Human control over autonomy

Every agent operates inside boundaries you define, with escalation paths when judgment is required.

Approval gates

Require human sign-off before an agent sends an email, moves money or edits production systems.

Action limits

Set rate limits, spending caps and allow-lists so agents can never exceed their mandate.

Full observability

Watch every reasoning step and tool call in real time, and pause or stop a run instantly.

Instant revocation

Disconnect any integration or disable an agent in one click — access is revoked immediately.

Reporting a vulnerability?

We welcome responsible disclosure. Reach our security team directly and we'll respond promptly.