Data Handling
Zero Data Retention
AgentShield does not store, log, or persist the text you send for classification. Request payloads are processed in-memory and discarded immediately after the response is returned.
No training on your data. No analytics on your content. No exceptions.
Transport Encryption
All API traffic is encrypted with TLS 1.3. API keys are hashed with SHA-256 before storage. We never store plaintext keys.
Stateless Architecture
The classifier runs as a stateless service — no session state, no user profiles, no cross-request correlation. Each classification is independent.
Infrastructure
Hosted on Hetzner dedicated servers in Germany (EU). No data leaves the EU. No third-party sub-processors for classification.
Security Practices
✓ API Key Authentication
SHA-256 hashed keys with per-tier rate limiting. Bearer token or X-API-Key header.
✓ Input Validation & Size Limits
Max 10,000 characters per request. Strict JSON schema validation. No code execution.
✓ CORS & Rate Limiting
Per-key daily limits enforced at the gateway. Configurable per tier.
✓ No Raw Payload Logging
Usage logs track request counts, latency, and threat classification — never the input text.
✓ Open Benchmark & Model Transparency
Public benchmark (5,972 samples), published F1/precision/recall, open DeBERTa-v3 architecture.
✓ Dependency Auditing
Automated dependency scanning. Minimal dependency footprint (FastAPI, PyTorch, sentence-transformers).
Compliance Roadmap
Data Processing Addendum (DPA)
Q2 2026 — Complete
GDPR-ready DPA available on request. Covers data handling, retention (none), sub-processors (none), and breach notification.
EU Data Residency
Q2 2026 — Complete
All compute and storage within EU (Hetzner, Germany). No transatlantic data transfer.
SOC 2 Type I Readiness Assessment
Q3 2026 — In Progress
Engaging with audit firm for gap analysis. Documenting controls for security, availability, and confidentiality trust service criteria.
Self-Hosted Docker Image (Beta)
Q3 2026 — Planned
Run the full classifier on-premises. No external API calls. Includes DeBERTa model weights, binary classification head, and inference server.
SOC 2 Type II Audit
Q4 2026 — Planned
Full SOC 2 Type II certification with continuous monitoring over a 6-month observation period.
ISO 27001 Certification
Q1 2027 — Planned
International information security management system certification.
Responsible Disclosure
If you discover a security vulnerability in AgentShield, please report it to [email protected]. We aim to acknowledge reports within 24 hours and provide an initial assessment within 72 hours.
Questions about security?
Request our DPA, ask about compliance, or discuss your specific requirements.