Enterprise

Agent cloud controls your security team can sign off on

Organizations with roles and audit trails, spend limits, key management, and a published security posture. We label what is live, what is in progress, and what is roadmap — no compliance theater.

What teams get today

  • Orgs with owner / admin / member / viewer roles
  • Email invites with expiring tokens, audit-logged
  • Per-user spend limits and analytics opt-out
  • API keys stored hashed, rotatable from /api-keys
  • Shared org agent feed: see every run across the team
Open settings

capabilities

Honest feature status, in writing

Every card carries its real status. Live means you can use it right now; roadmap means we are building it and will scope timelines with you directly.

live

Organizations, roles, and RBAC

Owner, admin, member, and viewer roles per organization. Invite by email, change roles, remove members — every change lands in the audit log.

live

Audit logs

Settings changes, invites, role changes, and membership removals are recorded per user and per org, queryable from the API and the settings surface.

live

Spend limits

Per-user spend limits are live in settings today; per-workspace limits that cap every member under one budget are on the roadmap.

live

API key management

Scoped keys with rotation, plus bring-your-own provider keys for the gateway. Keys are stored hashed; plaintext is shown once at creation.

roadmap

SSO / SAML + SCIM

Google and GitHub sign-in are live for everyone. SAML SSO and SCIM directory sync are roadmap items for the contact-sales tier — talk to us if this is a blocker.

roadmap

Private networking

Dedicated network segments and private egress between your apps, addons, and agents. Roadmap; today workloads are isolated per container with scoped credentials.

roadmap

Data residency

A default GPU region (US or EU) is selectable in settings today. Hard residency guarantees that pin data and inference to a jurisdiction are roadmap.

on request

BAA / DPA

A standard DPA is available on request. BAAs for healthcare workloads are handled case by case on the contact-sales tier.

compliance posture

Where we actually stand

ItemStatusDetail
SOC 2 Type IIin progressControls are being implemented and evidence collected; a report is not yet available. We will not claim certification before it exists.
Data processing agreement (DPA)on requestStandard DPA covering GDPR processor obligations, available for any paid plan via [email protected].
Data export and deletionliveSelf-serve export and account-deletion requests from settings; both are recorded in the audit log.
Subprocessor listlivePublished on the security page and kept current as infrastructure changes.

Need a security questionnaire filled in, a DPA countersigned, or a scoped pilot? Email [email protected] — you talk to the people who run the infrastructure, not a sales layer.

Bring your team; keep your controls

Start with an org and invites today, and tell us which roadmap item unblocks your rollout.