Trust & Compliance

Built on solid ground.
Defensible to your auditor on day one.

Compliance posture, deployment models, and how we handle your data. The full controls list and audit package are available under NDA — what's published below is the public-facing summary.

Posture

Where we stand on the basics.

SOC 2 Ready

Controls and evidence aligned to SOC 2 Type II. Current package available under NDA on request.

HIPAA Ready

Administrative, physical, and technical safeguards in place for PHI handling. BAA available on request.

99.9% Uptime SLA

Production engagements run with monitoring, automated failover, and postmortems on any covered outage.

Tenant Isolation

Each customer environment is logically separated, with encryption at rest (AES-256) and in transit (TLS 1.3).

No cross-customer training

Your business data, conversations, and documents are not used to train models we deploy for other customers.

Auditable end-to-end

Every model call, every action, every decision is logged and replayable when you need to show your work.

Deployment Models

Each Agaro module ships as a deployable unit your team controls.

Cloud (multi-tenant)

Standard SaaS deployment for general enterprise use. Fastest path to production.

Dedicated tenant

Single-tenant deployment in our cloud — your data, your keys, your namespace.

Data Handling

The specifics, on one page.

Encryption at rest

AES-256, per-tenant keys

Encryption in transit

TLS 1.3 with modern cipher suites

Data residency

US-region hosting on production tiers

Access controls

OIDC/SAML SSO, RBAC, MFA enforced for admin

Logging & retention

Per-deployment audit logs, configurable retention windows

Incident response

On-call rotation, postmortems on covered outages

Subprocessor list

Maintained and available under NDA on request

Frequently asked

Trust & compliance — quick answers.

Is Agaro Technologies SOC 2 compliant?

Agaro is SOC 2 Ready (Type II controls aligned). The current evidence package is available under NDA on request.

Is Agaro HIPAA compliant?

Yes. Administrative, physical, and technical safeguards for PHI handling are in place, and a Business Associate Agreement (BAA) is available on request for healthcare clients.

Where does my data live?

Per-deployment isolation with AES-256 encryption at rest and TLS 1.3 in transit. Each customer environment is logically separated, with role-based access controls and audit logging on every system action.

Do you use my data to train models you sell to other customers?

No. Your business data, conversations, and documents are not used to train models that we deploy for other customers. Configurations and tuning specific to your engagement stay scoped to your engagement.

What does Agaro's uptime commitment look like?

A 99.9% uptime SLA on production engagements, with monitoring, automated failover, and incident postmortems for any covered outage.

Need the full controls list?

Audit packages are available under NDA. Reach out and we'll send a copy within one business day.

Request controls package