Trust & Compliance

Security is not a feature.
It is a contract.

At BotMatrix, we treat your data as if it were our own. We believe that security is not a product you buy; it is a practice you perform. From the moment data enters our pipeline, it is encrypted, isolated, and monitored.

Our infrastructure is built on a Zero Trust architecture: we never trust; we always verify. Every request, every API call, and every user session is authenticated and authorized before execution. We are not just building a platform; we are building a secure foundation for your most critical AI workflows.

We invite you to read our Security Whitepaper or contact our Security team directly to discuss our architecture, compliance reports, or penetration testing results.

Certifications & Compliance

SOC 2 Type II

We have completed a SOC 2 Type II audit (SOC 2 is an independent attestation report, not a certification). Our systems and processes are audited against the security, availability, and confidentiality Trust Services Criteria for customer data. The latest audit report (issued September 2023, Report #8821) is available upon request.

GDPR Compliant

We comply with the GDPR. Our data processing agreements (DPAs), privacy policy, and technical measures support data subjects' rights of access, rectification, and erasure.

ISO 27001 In Progress

Our ISO 27001 certification audit is currently in progress. We expect full certification by Q2 2024. In the meantime, we adhere to the strict controls defined by the standard.

Data Architecture & Encryption

Data is the fuel of AI. We ensure it remains the fuel of your business, protected by enterprise-grade encryption standards.

  • AES-256

    All secrets, credentials, and sensitive pipeline inputs are encrypted at rest using AES-256. We never store plaintext keys in our logs or configuration files.

  • Per-Tenant Keys

    Each tenant has its own encryption key in AWS KMS (a symmetric key, since the data is protected with AES-256, not a key pair). Data belonging to one customer is encrypted only under that customer's key, so it cannot be decrypted with any other tenant's key, and use of each key is governed by its KMS key policy.

  • TLS 1.3

    All data in transit is encrypted with TLS 1.3. We send HSTS headers on every API endpoint so browsers never fall back to plaintext, and our own clients, such as the botmatrix CLI, pin our certificates (pinning is a client-side control and cannot be enforced by the server alone).

# Example: Encrypting secrets via CLI
$ botmatrix secrets encrypt --input /path/to/api.key
Output: arn:aws:kms:us-east-1:123456789012:key/8f7a9b2c-3d4e-5f6a-7b8c-9d0e1f2a3b4c

# Data Residency Options
us-east-1 (N. Virginia) - Primary Region
eu-west-1 (Ireland) - GDPR Region
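The AES-256 and per-tenant key bullets above describe envelope encryption: each stored object gets its own data key, and that data key is wrapped under the owning tenant's KMS key. The Go program below is an added example written for this page, not BotMatrix code. It stands in a locally derived 32-byte key for the KMS key (TenantKEK, constructed from a fixed seed so it runs offline) and uses AES-256-GCM for both layers, binding the tenant ID as associated data. Running it shows tenant-a decrypting its own record while a caller acting as tenant-b fails at the unwrap step and never obtains the data key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is the stored record: the per-object data key (DEK) wrapped under
// the tenant's key-encryption key (KEK), plus the payload encrypted under the
// DEK. Both byte fields are nonce || AES-256-GCM ciphertext.
type Envelope struct {
	TenantID   string
	WrappedDEK []byte
	Ciphertext []byte
}

// TenantKEK stands in for a per-tenant AWS KMS key. A real KEK never leaves
// KMS; this local key is derived from a constructed seed so the example runs
// offline. It is an assumption of the example, not how the platform works.
func TenantKEK(tenantID string) []byte {
	sum := sha256.Sum256([]byte("constructed-demo-seed:" + tenantID))
	return sum[:]
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce || ciphertext with aad authenticated but not encrypted.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

func open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], aad)
}

// Encrypt draws a fresh 256-bit DEK per object, encrypts the payload under it,
// then wraps the DEK under the tenant KEK. The tenant ID is bound as AAD on
// both layers, so a wrapped DEK cannot be re-filed under another tenant.
func Encrypt(tenantID string, plaintext []byte) (*Envelope, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	aad := []byte(tenantID)
	ct, err := seal(dek, plaintext, aad)
	if err != nil {
		return nil, err
	}
	wrapped, err := seal(TenantKEK(tenantID), dek, aad)
	if err != nil {
		return nil, err
	}
	return &Envelope{TenantID: tenantID, WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// Decrypt unwraps with the KEK of the requesting tenant, never the one named
// in the record: a caller acting for tenant B fails at the unwrap step and
// never sees tenant A's DEK, regardless of any application-layer bug.
func Decrypt(requestingTenant string, env *Envelope) ([]byte, error) {
	aad := []byte(env.TenantID)
	dek, err := open(TenantKEK(requestingTenant), env.WrappedDEK, aad)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK as %q: %w", requestingTenant, err)
	}
	return open(dek, env.Ciphertext, aad)
}

func main() {
	env, _ := Encrypt("tenant-a", []byte("sk_constructed_example_value"))
	pt, err := Decrypt("tenant-a", env)
	fmt.Printf("tenant-a: %q err=%v\n", pt, err)
	_, err = Decrypt("tenant-b", env)
	fmt.Printf("tenant-b: err=%v\n", err)
}
```

With real KMS the equivalent of the AAD here is the encryption context passed to the Encrypt and Decrypt calls, and the isolation is only as strong as each key's policy: the service principal should be allowed to use a tenant's key only when acting for that tenant, otherwise a bug above the crypto layer can still cross the boundary.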
          

Granular Access Control

Fine-grained permissions ensure that only the right people have access to the right resources.

BotMatrix implements Role-Based Access Control (RBAC) at the organization, team, and user levels. You can define custom roles to align with your internal security policies. All access requests are audited and logged.
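One way the scoped model described above can be evaluated, as an added example written for this page and not BotMatrix's authorization engine: role bindings attach to a user at either organization or team scope, custom roles are ordinary permission sets alongside the built-ins, and a request is allowed only if a binding whose scope covers the resource carries a role that grants the permission. Everything else, including an unknown role name, is denied. All names (acme, ml-platform, alice, bob, the permission strings) are constructed.

```go
package main

import "fmt"

// Scope is where a binding applies. An organization-wide binding has an empty
// Team and covers every resource in the org; a team binding covers only that
// team's resources.
type Scope struct {
	Org  string
	Team string
}

// Role is a named permission set. Customer-defined custom roles and built-in
// roles are treated identically by the evaluator.
type Role struct {
	Name        string
	Permissions map[string]bool // e.g. "pipelines:run"
}

// Binding grants one role to one principal (user) at one scope.
type Binding struct {
	Principal string
	Role      string
	Scope     Scope
}

// Resource is the target of an action, tagged with its org and owning team.
type Resource struct {
	ID   string
	Org  string
	Team string
}

type Policy struct {
	Roles    map[string]Role
	Bindings []Binding
}

// Allowed is deny-by-default: it returns true only if some binding for the
// principal covers the resource's org (and team, for team-scoped bindings)
// and names a known role that grants the permission. Bindings in other orgs
// or teams never contribute, and an unknown role grants nothing.
func (p Policy) Allowed(principal, permission string, r Resource) bool {
	for _, b := range p.Bindings {
		if b.Principal != principal || b.Scope.Org != r.Org {
			continue
		}
		if b.Scope.Team != "" && b.Scope.Team != r.Team {
			continue
		}
		if role, ok := p.Roles[b.Role]; ok && role.Permissions[permission] {
			return true
		}
	}
	return false
}

// demoPolicy is constructed sample data, not a real BotMatrix configuration.
func demoPolicy() Policy {
	return Policy{
		Roles: map[string]Role{
			"org-auditor":       {Name: "org-auditor", Permissions: map[string]bool{"audit:read": true}},
			"pipeline-operator": {Name: "pipeline-operator", Permissions: map[string]bool{"pipelines:run": true, "pipelines:read": true}},
			// custom role: may list secrets but was never granted decrypt
			"secrets-viewer": {Name: "secrets-viewer", Permissions: map[string]bool{"secrets:list": true}},
		},
		Bindings: []Binding{
			{Principal: "alice", Role: "org-auditor", Scope: Scope{Org: "acme"}},
			{Principal: "bob", Role: "pipeline-operator", Scope: Scope{Org: "acme", Team: "ml-platform"}},
			{Principal: "bob", Role: "secrets-viewer", Scope: Scope{Org: "acme", Team: "ml-platform"}},
			{Principal: "bob", Role: "pipeline-operator", Scope: Scope{Org: "other-corp"}}, // different org
		},
	}
}

func main() {
	p := demoPolicy()
	mlPipe := Resource{ID: "pipe-1", Org: "acme", Team: "ml-platform"}
	finPipe := Resource{ID: "pipe-2", Org: "acme", Team: "finance"}
	checks := []struct {
		who, perm string
		res       Resource
	}{
		{"bob", "pipelines:run", mlPipe},   // true: team-scoped binding
		{"bob", "pipelines:run", finPipe},  // false: other team
		{"bob", "secrets:decrypt", mlPipe}, // false: custom role lacks it
		{"alice", "audit:read", finPipe},   // true: org-wide binding
		{"alice", "pipelines:run", mlPipe}, // false: auditor cannot run
	}
	for _, c := range checks {
		fmt.Printf("%-6s %-16s on %-7s -> %v\n", c.who, c.perm, c.res.ID, p.Allowed(c.who, c.perm, c.res))
	}
}
```

The decision points worth auditing are the two `continue` checks: the org check is what stops a binding in other-corp from leaking into acme, and the team check is what keeps a team-scoped operator out of another team's pipelines.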

Enterprise-Ready Identity

We support Single Sign-On (SSO) and SAML 2.0 for seamless integration with Okta, Azure AD, and Google Workspace. This allows you to centralize user management and enforce MFA policies.

Audit Trail & Monitoring

Complete transparency into who accessed what, and when.

BotMatrix maintains a comprehensive audit log of all actions within the platform. This includes API key usage, configuration changes, user login attempts, and pipeline execution triggers.

Retention Policy: Audit logs are retained for a minimum of 90 days. Enterprise customers can configure retention periods up to 7 years for compliance with specific regulations. Logs are immutable and exported to secure object storage.
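What "immutable" has to mean in practice is that any edit, deletion or reordering of a record is detectable afterwards. The Go program below is an added example, not BotMatrix's logging implementation: each record carries the hash of its predecessor, and the head hash is sealed with an HMAC under a key held by the exporting system (a hypothetical key, named only for illustration). That external anchor is what catches the one attack hash chaining alone misses, silently dropping the newest records. The events are constructed sample data.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"time"
)

// Event is one audit record. PrevHash links it to the record before it, and
// Hash covers every other field including PrevHash and Seq, so changing,
// dropping or reordering an earlier record breaks every hash after it.
type Event struct {
	Seq      int    `json:"seq"`
	Time     string `json:"time"`
	Actor    string `json:"actor"`
	Action   string `json:"action"`
	Target   string `json:"target"`
	PrevHash string `json:"prev_hash"`
	Hash     string `json:"hash"`
}

// eventHash works on a copy, clears Hash, and hashes the canonical JSON form
// (struct fields marshal in declaration order, so the encoding is stable).
func eventHash(e Event) string {
	e.Hash = ""
	b, _ := json.Marshal(e) // cannot fail for a struct of strings and ints
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Log is an append-only chain of events.
type Log struct {
	Events []Event
}

func (l *Log) Append(ts time.Time, actor, action, target string) Event {
	prev := "genesis"
	if n := len(l.Events); n > 0 {
		prev = l.Events[n-1].Hash
	}
	e := Event{Seq: len(l.Events), Time: ts.UTC().Format(time.RFC3339),
		Actor: actor, Action: action, Target: target, PrevHash: prev}
	e.Hash = eventHash(e)
	l.Events = append(l.Events, e)
	return e
}

// Anchor seals the head hash under a key the log store does not hold, so a
// tampered copy cannot simply re-anchor itself. Hypothetical key for the demo.
func Anchor(key []byte, headHash string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(headHash))
	return hex.EncodeToString(mac.Sum(nil))
}

// Verify walks the chain and returns the index of the first bad record, or -1
// if every link checks out and the head matches the stored anchor. A chain
// that is internally consistent but ends at the wrong head (records dropped
// from the tail) reports its last index.
func Verify(events []Event, anchorKey []byte, anchor string) int {
	prev := "genesis"
	for i, e := range events {
		if e.Seq != i || e.PrevHash != prev || eventHash(e) != e.Hash {
			return i
		}
		prev = e.Hash
	}
	if len(events) > 0 && Anchor(anchorKey, prev) != anchor {
		return len(events) - 1
	}
	return -1
}

func main() {
	l := &Log{}
	t0 := time.Date(2024, 1, 2, 3, 4, 5, 0, time.UTC) // constructed timestamps
	l.Append(t0, "alice@example.com", "user.login", "console")
	l.Append(t0.Add(time.Minute), "alice@example.com", "apikey.use", "key_constructed")
	l.Append(t0.Add(2*time.Minute), "alice@example.com", "config.change", "pipeline/p1")
	l.Append(t0.Add(3*time.Minute), "svc-runner", "pipeline.run", "pipeline/p1")
	key := []byte("constructed-anchor-key") // hypothetical exporter-held key
	anchor := Anchor(key, l.Events[len(l.Events)-1].Hash)
	fmt.Println("intact:", Verify(l.Events, key, anchor)) // -1
	tampered := append([]Event(nil), l.Events...)
	tampered[1].Actor = "mallory"
	fmt.Println("edited record:", Verify(tampered, key, anchor))       // 1
	fmt.Println("truncated tail:", Verify(l.Events[:3], key, anchor)) // 2
}
```

When you receive an exported log, run the verifier against the anchor you recorded at export time, not against one shipped alongside the log; an anchor stored next to the data it protects can be regenerated by whoever altered the data.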

Vulnerability Disclosure & Penetration Testing

Responsible Disclosure

We run a public HackerOne program. If you discover a vulnerability, please report it to us via the HackerOne portal. We offer bounties for critical and high-severity findings.

Annual Pentesting

BotMatrix undergoes annual third-party penetration testing by accredited firms (e.g., Intigriti, Cure53). All findings are tracked, patched, and verified before the next audit cycle.

Results Under NDA

Detailed pentest reports and vulnerability remediation timelines are available for Enterprise customers under a non-disclosure agreement (NDA).

Uptime & Incident History

We operate a multi-region, active-active infrastructure to ensure maximum availability. Our SLA is 99.97%.

View Incident Response & History →

Need more info?

Download our Security Whitepaper

Get the full technical breakdown of our architecture, compliance reports, and incident response procedures.