Enterprise Guide
This guide covers configuring Waxell's enterprise security features.
Prerequisites
- Enterprise plan subscription
- Admin access to your Waxell tenant
- (Optional) AWS account for BYOK encryption
Data Residency
Data residency allows you to specify where your data is stored for compliance with regulations like GDPR.
Available Regions
| Region | Code | Price | Compliance |
|---|---|---|---|
| US East (Default) | us-east-1 | Included | HIPAA, SOC2, FedRAMP |
| EU West | eu-west-1 | $500/month | GDPR, SOC2, ISO27001 |
| APAC | ap-southeast-1 | $750/month | SOC2, ISO27001 |
Selecting a Region
- Navigate to Settings > Billing > Data Residency
- Review the available regions and their compliance certifications
- Click Select on your desired region
- Review the pricing and confirm
Multi-Region Disaster Recovery
For additional resilience, enable Multi-Region DR:
- Data is replicated to both regions in real-time
- Automatic failover if primary region is unavailable
- RPO: < 1 minute, RTO: < 5 minutes
- Additional $1,000/month
Sub-Tenants (B2B2C)
Sub-tenants allow you to create isolated environments for your customers.
Creating a Sub-Tenant
curl -X POST https://api.waxell.dev/waxell/v1/sub-tenants/ \
-H "X-Wax-Key: wax_sk_..." \
-H "Content-Type: application/json" \
-d '{
"name": "Acme Corp",
"external_id": "customer-123",
"contact_email": "admin@acme.com",
"quotas": {
"max_agents": 50,
"max_tokens_per_day": 500000
}
}'
Sub-Tenant Hierarchy
┌───────────────────────┐
│ Parent Tenant │
│ (Enterprise) │
│ max_agents: 1000 │
└───────────┬───────────┘
│
┌───────────┼───────────┬───────────────┐
│ │ │ │
▼ ▼ ▼
Sub-A Sub-B Sub-C
agents:50 agents:100 agents:25
Billing Configuration
Enable pass-through billing with markup:
- Set markup percentage (e.g., 20%)
- Usage tracked per sub-tenant
- Export usage reports for invoicing
Compliance Configuration
HIPAA Compliance ($500/month)
Enables:
- 7-year audit log retention
- Enhanced logging
- BAA (Business Associate Agreement)
- WORM-compliant audit export
SOC2 Compliance ($300/month)
Enables:
- 1-year audit log retention
- Compliance reports
- Enhanced access controls
Audit Log Export
Export audit logs for compliance:
# Via API
curl https://api.waxell.dev/waxell/v1/audit/export/ \
-H "X-Wax-Key: wax_sk_..." \
-o audit-logs.json.gz
Exports are:
- Daily, at 00:00 UTC
- Gzipped JSON format
- WORM-protected (immutable)
Sub-User Identity
Track which of your end-users trigger agent executions.
Creating Sub-User Tokens
curl -X POST https://api.waxell.dev/waxell/v1/identity/sub-users/token/ \
-H "X-Wax-Key: wax_sk_..." \
-H "Content-Type: application/json" \
-d '{
"sub_user_id": "user-123",
"email": "user@example.com",
"roles": ["viewer", "agent_user"],
"expires_in": 3600
}'
Using Sub-User Tokens
Include the token when triggering signals:
curl -X POST https://api.waxell.dev/api/v1/signals/lead_received \
-H "X-Wax-Key: wax_sk_..." \
-d '{
"sub_user_token": "wax_su_eyJ...",
"lead_id": "lead-456"
}'
Available Add-Ons
| Add-On | Price | Description |
|---|---|---|
| EU Data Residency | $500/mo | Store data in EU |
| APAC Data Residency | $750/mo | Store data in APAC |
| Multi-Region DR | $1,000/mo | Disaster recovery |
| HIPAA Compliance | $500/mo | Healthcare compliance |
| SOC2 Compliance | $300/mo | SOC2 certification |
| SAML SSO | $200/mo | Enterprise SSO |
| BYOK Encryption | $200/mo | Customer-managed keys |
Next Steps
- API Reference - Full API documentation
- Architecture - Technical deep dive