What this is

AI Control Center is sold to the people accountable for AI risk — so this page states plainly what the system does with data, credentials, and evidence, and where the limits are. (This is the page Aegis is thin on; for us it's a primary surface, not an afterthought.)

Credential isolation

Downstream credentials (HRIS, CRM, Google, Slack) live in an encrypted vault and are injected server-side at execution time. We do not store credentials in model-visible prompts, search-index payloads, public logs, or marketing systems. The AI client never receives a downstream token — it calls the gateway, the gateway calls the system.

What's logged (the evidence model)

Every gateway call — allowed, routed, denied, or errored — writes an append-only control record: actor · tool · argument summary · policy decision · approver · result · source references · timing. Records are immutable, retained per your plan, and can be frozen under legal hold. This is the trail you show when a decision is questioned.

Data handling & scope

  • Tenant isolation: every call is tenant-scoped server-side; a client cannot select another tenant. Storage enforces row-level isolation.
  • Scope before access: an agent reaches only the populations, fields, accounts, and connectors its principal's role allows. Out-of-scope data is not retrieved, not "retrieved then filtered."
  • Read/write/approve separation: permissions are distinct — reading a system never implies the right to write to it or approve a change in it.

Residency

EU and regulated sources can be confined to a region boundary before an agent reads them. Honest status: multi-region residency and full data-locality controls are partly roadmap — see the Changelog rather than assuming the target state.

Identity & access

Principals are resolved through Clerk (with enterprise SSO / SAML / OIDC on Enterprise plans). API keys are scoped to a project and role and cannot widen their own scope. Admins manage roles, connector scopes, and approval routing.

Policy & approvals as a security control

The security boundary is execution-time policy, not tool discovery. Finding a tool is not permission to use it. Sensitive operations (writes, external messages, exports, decisions affecting individuals) are routed to a named human before they run.
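As an added illustration (not the product's own code, and none of the names below are AI Control Center APIs), here is a minimal gateway in Python that puts the credential-isolation, evidence-model and execution-time-policy statements above together: the client calls the gateway, the gateway resolves the principal and tenant server-side, decides at execution time whether the role permits the operation (a tool being listed in the registry is not permission), routes sensitive writes to a named human who actually holds the approve right, injects the downstream token from a vault without ever returning it, and appends exactly one immutable control record on every path, including denied and errored calls. The principals, roles, tools, vault entries and HRIS rows are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# --- Constructed sample data (illustrative assumptions, not the product's own) ---
VAULT = {"hris": "hris-token-CONSTRUCTED"}    # downstream credentials: server-side only
PRINCIPALS = {"ana@acme": "analyst", "hr@acme": "hr_admin", "lead@acme": "hr_lead"}
ROLES = {"analyst": {"read"}, "hr_admin": {"read", "write"}, "hr_lead": {"read", "approve"}}
TOOLS = {                                     # registry: discoverable by every client
    "hris.list_employees": ("hris", "read"),
    "hris.update_salary": ("hris", "write"),
}
SENSITIVE_OPS = {"write"}                     # routed to a named human before they run
HRIS = {                                      # fake downstream system, keyed by tenant
    "acme": [{"id": "e1", "name": "Ada"}, {"id": "e2", "name": "Lin"}],
    "globex": [{"id": "e9", "name": "Zed"}],
}


@dataclass(frozen=True)
class ControlRecord:
    """One immutable line of the evidence trail; every gateway call produces exactly one."""
    actor: str
    tool: str
    argument_summary: str
    decision: str                 # allowed | routed | denied | errored
    approver: Optional[str]
    result: str
    source_refs: tuple
    timing: str


CONTROL_LOG: list = []            # append-only: frozen records, never edited or removed


def _summarize_args(args: dict) -> str:
    # Keys and value lengths only, so argument values (possibly PII) stay out of the log.
    return ",".join(f"{k}:{len(str(v))}" for k, v in sorted(args.items()))


def _record(actor, tool, args, decision, approver, result, refs=()) -> ControlRecord:
    rec = ControlRecord(actor, tool, _summarize_args(args), decision, approver,
                        result, tuple(refs), datetime.now(timezone.utc).isoformat())
    CONTROL_LOG.append(rec)
    return rec


def _call_downstream(system: str, token: str, tenant: str, op: str, args: dict):
    """Simulated connector. The tenant is part of the query, not a post-filter."""
    if token != VAULT[system]:
        raise PermissionError("bad downstream credential")
    rows = HRIS[tenant]
    if op == "read":
        return rows, [f"hris:{tenant}:{r['id']}" for r in rows]
    row = next(r for r in rows if r["id"] == args["id"])   # missing id -> StopIteration
    row["salary"] = args["salary"]
    return [row], [f"hris:{tenant}:{row['id']}"]


def gateway_call(session: dict, tool: str, args: dict, approver: Optional[str] = None):
    """Run one tool call on behalf of a client.

    `session` (actor, tenant) is resolved server-side from the client's identity; the
    client neither supplies it nor ever sees the downstream token injected below.
    Returns (decision, payload); a control record is written on every path.
    """
    actor, tenant = session["actor"], session["tenant"]
    role = PRINCIPALS.get(actor)
    if tool not in TOOLS:
        _record(actor, tool, args, "errored", None, "unknown tool")
        return "errored", None
    system, op = TOOLS[tool]
    # Discovery is not permission: the tool is listed, but the principal's role decides.
    if op not in ROLES.get(role, set()):
        _record(actor, tool, args, "denied", None, f"role {role} lacks {op}")
        return "denied", None
    # Sensitive operations wait for a named human who actually holds the approve right.
    if op in SENSITIVE_OPS and "approve" not in ROLES.get(PRINCIPALS.get(approver), set()):
        _record(actor, tool, args, "routed", None, "awaiting approval")
        return "routed", None
    try:
        token = VAULT[system]                  # injected here; never in the return value
        data, refs = _call_downstream(system, token, tenant, op, args)
    except Exception as exc:
        _record(actor, tool, args, "errored", approver, type(exc).__name__)
        return "errored", None
    _record(actor, tool, args, "allowed", approver, f"{len(data)} rows", refs)
    return "allowed", data


if __name__ == "__main__":
    gateway_call({"actor": "ana@acme", "tenant": "acme"}, "hris.list_employees", {})
    gateway_call({"actor": "ana@acme", "tenant": "acme"}, "hris.update_salary", {"id": "e1", "salary": 1})
    for rec in CONTROL_LOG:
        print(rec)
```

Two design points the page's statements imply and the code makes concrete: the argument summary in the record stores key names and lengths rather than values, so the evidence trail itself does not become a second copy of sensitive data, and the tenant is passed into the downstream query rather than applied as a filter on rows already fetched, which is the difference between "scope before access" and "retrieved then filtered."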

Compliance posture (stated honestly)

We use ISO/IEC 42001 (AI management) and ISO/IEC 27001 (information security) as anchors and support EU AI Act readiness — we do not claim automatic compliance or certification on your behalf. SOC 2 status is published in the Changelog when achieved, not implied before. The service is not legal, HR-compliance, or financial advice; you remain responsible for final decisions.

Responsible disclosure

Security issues: <security@…>. We acknowledge, investigate, and coordinate disclosure. We may disclose data only as required for security, abuse investigation, or legal compliance.

See also

Architecture · Control Plane · Concepts