Trust & Security at Axite
Axite is built with security-first principles. We're committed to earning and maintaining your trust through transparent practices and continuous improvement.
SOC 2 Type II
Axite is actively working toward SOC 2 Type II certification. We've implemented the controls and are in the audit process.
Status: In Progress
We prioritize security controls that matter for agent governance: access control, audit logging, and data protection.
Data Encryption
All data is encrypted at rest using AES-256 and in transit via TLS 1.3.
Agent requests, policy decisions, and audit logs are encrypted before storage. Encryption keys are managed through industry-standard key management practices.
Audit Logging
Every agent action, policy decision, and administrative change is logged with full context.
Audit logs are:
- Immutable (append-only)
- Encrypted at rest
- Retained per your plan tier
- Exportable for compliance
Secrets Management
Secrets (API keys, tokens) are never logged in audit trails or decision traces.
We use secure secret storage with automatic rotation support. Secrets in transit are always encrypted and never exposed in logs.
Access Control
Axite enforces role-based access control (RBAC) for both users and agents.
Administrative access requires authentication. Agent identities are verified before policy evaluation. Least-privilege is the default.
Infrastructure Security
Axite's managed cloud runs on hardened infrastructure with:
- Network isolation and firewalls
- Regular security patching
- Intrusion detection monitoring
- DDoS protection
Vulnerability Management
We conduct regular security assessments including:
- Automated dependency scanning
- Static code analysis
- Penetration testing (annual)
- Responsible disclosure program
Report security issues to security@axite.ai
Data Handling
What we store:
- Agent requests (configurable retention)
- Policy decisions and traces
- Administrative audit logs
What we don't store:
- Secrets or credentials
- Unnecessary PII
- Raw tool responses (optional)
HIPAA
HIPAA compliance is on our roadmap. We are evaluating the controls needed to handle Protected Health Information (PHI).
Status: On Roadmap
Enterprise and Team customers will be able to request a Business Associate Agreement (BAA) once HIPAA compliance is achieved.
Requesting Compliance Documentation
Contact security@axite.ai for our SOC 2 readiness report, penetration test summaries, architecture documentation, or any other compliance artifacts you need for your security review.
Deployment Options & Data Residency
Axite offers flexible deployment options to meet your data residency and compliance requirements:
| Deployment | Data Location | Availability |
|---|---|---|
| Managed Cloud | US (default), EU available | Now |
| Private Deployment | Your cloud account | By request |
| Customer-Managed | Your infrastructure | Design partner |
For specific compliance requirements or data residency needs, contact our team.
Questions?
If you have questions about Axite's security practices or need documentation for your security review, please reach out:
- Security inquiries: security@axite.ai
- Compliance documentation: Book a security review
- General questions: Contact us