Security Overview
We take the security of your data and your AI agents' decisions seriously.
Data Encryption
All data is transmitted over TLS 1.3 and encrypted at rest using AES-256. Connection Keys are hashed before storage and are never transmitted in plaintext after creation.
Multi-Tenant Isolation
Every database query is filtered by workspaceId at the ORM layer. No query can access another workspace's data. This is enforced in code, not just by convention.
Session Security
Sessions use HMAC-SHA256 signed cookies. No JWTs are stored in localStorage. Sessions rotate on sensitive actions such as password changes and permission changes.
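A minimal sketch of HMAC-SHA256 cookie signing with rotation on a sensitive action, added here as an illustration and not taken from the product's own code. The cookie layout, the in-memory session store and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumed cookie layout for this sketch: "<session_id>.<hex HMAC-SHA256 tag>".
SIGNING_KEY = secrets.token_bytes(32)  # constructed demo key, not a real secret

# Hypothetical in-memory session store: session_id -> user.
ACTIVE_SESSIONS = {}


def _tag(session_id: str, key: bytes) -> str:
    """Hex HMAC-SHA256 tag over the session ID."""
    return hmac.new(key, session_id.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_cookie(user: str, key: bytes = SIGNING_KEY) -> str:
    """Create a server-side session and return its signed cookie value."""
    session_id = secrets.token_urlsafe(32)
    ACTIVE_SESSIONS[session_id] = user
    return f"{session_id}.{_tag(session_id, key)}"


def verify_cookie(cookie: str, key: bytes = SIGNING_KEY):
    """Return the user for a valid cookie, or None if forged, malformed or revoked."""
    session_id, sep, tag = cookie.rpartition(".")
    if not sep or not session_id:
        return None
    expected = _tag(session_id, key)
    # Constant-time comparison avoids leaking how much of the tag matched.
    if not hmac.compare_digest(tag.encode("utf-8"), expected.encode("utf-8")):
        return None
    # A correctly signed cookie is still rejected once its session is revoked.
    return ACTIVE_SESSIONS.get(session_id)


def rotate_session(cookie: str, key: bytes = SIGNING_KEY):
    """On a sensitive action: revoke the old session ID and issue a fresh cookie."""
    user = verify_cookie(cookie, key)
    if user is None:
        return None
    del ACTIVE_SESSIONS[cookie.rpartition(".")[0]]
    return issue_cookie(user, key)
```

The signature only proves the cookie was issued by the server; revocation after rotation depends on the server-side session lookup, which is why the old cookie stops working even though its tag is still valid.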
Audit Trail
Every decision is permanently logged: who approved or declined, when, which rule applied, and what was modified. The audit trail cannot be deleted by workspace members. CSV export is tamper-evident.
Connection Keys
Connection Keys are hashed before storage using a one-way algorithm. They are rotatable from Settings > Connection Keys at any time. Rotating a key immediately invalidates the previous one.
Rate Limiting
Per-agent rate limits are enforced at the edge for both hourly and daily request volumes. Violations result in automatic rejection, with a plain-English reason returned to the SDK.
SOC 2 Type II
SOC 2 Type II audit is in progress, expected Q3 2026. Our security controls are designed to meet these standards. Enterprise customers requiring pre-certification documentation should contact security@cheqpoint.dev.
Responsible Disclosure
Found a vulnerability? Email security@cheqpoint.dev. We acknowledge all reports within 24 hours and aim to resolve critical issues within 72 hours. We commit to no legal action against good-faith security researchers.
Infrastructure
Hosted on Vercel (UK/EU regions). Database: PostgreSQL with automated daily backups and point-in-time recovery. We target 99.9% uptime. See real-time status at /status.
Security questions or enterprise review?
Email security@cheqpoint.dev for vulnerability reports, enterprise security reviews, and compliance documentation requests.