Agent cloud controls your security team can sign off on
Organizations with roles and audit trails, spend limits, key management, and a published security posture. We label what is live, what is in progress, and what is roadmap — no compliance theater.
What teams get today
- Orgs with owner / admin / member / viewer roles
- Email invites with expiring tokens, audit-logged
- Per-user spend limits and analytics opt-out
- API keys stored hashed, rotatable from /api-keys
- Shared org agent feed: see every run across the team
capabilities
Honest feature status, in writing
Every card carries its real status. Live means you can use it right now; roadmap means we are building it and will scope timelines with you directly.
Organizations, roles, and RBAC
Owner, admin, member, and viewer roles per organization. Invite by email, change roles, remove members — every change lands in the audit log.
Audit logs
Settings changes, invites, role changes, and membership removals are recorded per user and per org, queryable from the API and the settings surface.
Spend limits
Per-user spend limits are live in settings today; per-workspace limits that cap every member under one budget are on the roadmap.
API key management
Scoped keys with rotation, plus bring-your-own provider keys for the gateway. Keys are stored hashed; plaintext is shown once at creation.
SSO / SAML + SCIM
Google and GitHub sign-in are live for everyone. SAML SSO and SCIM directory sync are roadmap items for the contact-sales tier — talk to us if this is a blocker.
Private networking
Dedicated network segments and private egress between your apps, addons, and agents. Roadmap; today workloads are isolated per container with scoped credentials.
Data residency
A default GPU region (US or EU) is selectable in settings today. Hard residency guarantees that pin data and inference to a jurisdiction are roadmap.
BAA / DPA
A standard DPA is available on request. BAAs for healthcare workloads are handled case by case on the contact-sales tier.
compliance posture
Where we actually stand
| Item | Status | Detail |
|---|---|---|
| SOC 2 Type II | in progress | Controls are being implemented and evidence collected; a report is not yet available. We will not claim certification before it exists. |
| Data processing agreement (DPA) | on request | Standard DPA covering GDPR processor obligations, available for any paid plan via [email protected]. |
| Data export and deletion | live | Self-serve export and account-deletion requests from settings; both are recorded in the audit log. |
| Subprocessor list | live | Published on the security page and kept current as infrastructure changes. |
Need a security questionnaire filled in, a DPA countersigned, or a scoped pilot? Email [email protected] — you talk to the people who run the infrastructure, not a sales layer.
Bring your team; keep your controls
Start with an org and invites today, and tell us which roadmap item unblocks your rollout.