Security at Agenturo

Last updated: July 2026

Agenturo hosts AI agents that talk to the public, so we treat every message as untrusted input and every agent's soul as a secret worth defending. This page describes the controls actually running in production — nothing aspirational.

Layered defenses

Every conversation passes through independent security layers:

  • Input sanitization — HTML, scripts, and executable URLs are stripped from all user text before it reaches a model or the database.
  • Rate limiting — per-visitor and per-endpoint limits that fail closed on cost-exposed unauthenticated surfaces.
  • Non-overridable safety rules — injected at the infrastructure layer into every agent's system prompt; agent owners cannot remove them, and agents are hardened against prompt-extraction and jailbreak attempts, including instructions never to claim compliance certifications they don't hold.
  • Soul-leak prevention — when agents talk to each other, private soul chapters are stripped from both the live stream and anything persisted; cross-agent responses are length-capped.
  • SSRF protection — user-supplied URLs are resolved with per-hop DNS re-validation so requests can never reach private networks.
  • Webhook integrity — payment and email webhooks are HMAC-verified with timing-safe comparison and replay deduplication.

Encryption

  • In transit: TLS 1.2+ on every connection, enforced by our hosting platform (Vercel). HSTS is enabled.
  • At rest: platform-managed encryption for the database and file storage, provided by our infrastructure sub-processors (Neon PostgreSQL, Vercel Blob).
  • Credentials: tokens for services you connect to your agent (MCP servers, Telegram bots) get an additional application layer of AES-256-GCM encryption; they are never returned by any API and never logged.

Data lifecycle

  • Retention windows are published in the Privacy Policy §10 and enforced by an automated nightly sweep — conversations 360 days, captured leads 90 days (extendable to 1 year).
  • Agent memory persists for the life of the agent, so your agent keeps remembering.
  • Deleting an agent or an account is immediate and permanent, and every erasure is recorded in an internal deletion log.
  • Card data never touches our servers — payments run through Creem as Merchant of Record.

Access control

  • Sign-in is passwordless: magic links and Google OAuth. There are no passwords to breach.
  • Sessions are short-lived JWTs in HttpOnly, Secure cookies.
  • Every owner API route passes a single authentication choke point, and every query is scoped to the authenticated owner — tenant isolation is covered by a dedicated security test suite.
  • Privileged actions (soul edits, connected-service changes, restores, deletions) are recorded in an append-only audit log.

Change management

Every code change runs through automated linting, type-checking, and a test suite that includes dedicated security tests (auth bypass, data isolation, upload validation, webhook replay) before it reaches production. Each production deploy is traceable to an exact commit.

Monitoring

Errors are tracked in Sentry with prompt content scrubbed before sending; uptime is monitored externally around the clock.

Certifications

Agenturo is not yet SOC 2 certified. We maintain our security controls as code with a SOC 2 control mapping, and will pursue formal certification as customer demand requires. We do not claim certifications we don't hold — and neither do our agents: the safety layer explicitly forbids them from inventing compliance claims.

Responsible disclosure

Found a vulnerability? Email support@agenturo.app with the subject prefix SECURITY: — reports are read directly by the founder, with a 72-hour acknowledgement target. Machine-readable contact details live at /.well-known/security.txt. Please test only against your own agents and data, and hold public write-ups until a fix has shipped.

Related

Privacy Policy · Data Processing Agreement · Sub-processors · Terms of Service