All Systems Operational

Security & Compliance

Technical documentation of Waxell's security architecture, controls, and compliance posture.

Request Security Review Download Documents

AES-256-GCMEncryption at Rest

TLS 1.3Encryption in Transit

AWS KMSKey Management

SOC 2 Type IIIn Progress

Data Protection

Encryption Architecture

Encryption at Rest

Algorithm	`AES-256-GCM`
Key Management	AWS KMS (FIPS 140-2 Level 3)
Key Hierarchy	Envelope encryption with per-tenant DEKs
Key Rotation	Automatic, annual (configurable)
Database	RDS encryption + field-level encryption
Object Storage	S3 SSE-KMS with bucket keys
Backups	Encrypted with separate backup keys

Encryption in Transit

Protocol	`TLS 1.3` (TLS 1.2 minimum)
Cipher Suites	AEAD only (GCM, ChaCha20-Poly1305)
Certificate Authority	AWS ACM (auto-renewal)
HSTS	Enabled, max-age=31536000, includeSubDomains
Internal Traffic	mTLS between services

Field-Level Encryption

PII and sensitive data is encrypted at the application layer before database storage. Each field uses a unique data encryption key (DEK) wrapped by tenant-specific KMS keys.

# Sensitive fields are encrypted at the application layer
# before reaching the database using AWS KMS envelope encryption

encrypted_fields = [
    "user.email",
    "user.phone",
    "agent.api_keys",
    "workflow.input_data",
    "workflow.output_data",
    "audit.request_body",
]

# Each tenant has isolated KMS keys
# Key rotation: automatic, every 365 days
# Key deletion: 7-day waiting period enforced

Infrastructure

Network & Compute Security

Network Architecture

Cloud Provider	AWS (primary)
Regions	us-east-1, eu-west-1
VPC Isolation	Dedicated VPC per environment
Subnets	Public, Private, Isolated (DB)
NAT	Managed NAT Gateway (HA)
DNS	Route53 with DNSSEC

Edge Security

CDN	CloudFront (all edges)
DDoS Protection	AWS Shield Standard
WAF	AWS WAF v2 with managed rules
Rate Limiting	Per-IP and per-tenant limits
Bot Protection	AWS WAF Bot Control
Geo Blocking	Configurable per tenant

Compute Security

Container Runtime	ECS Fargate (serverless)
No SSH Access	Immutable infrastructure
Image Scanning	ECR scanning on push
Secrets	AWS Secrets Manager
IAM	Task-level roles, least privilege
Patching	Automated via CI/CD

Network Flow


┌─────────────────────────────────────────────────────────────────────────────┐
│                              INTERNET                                        │
└─────────────────────────────────────────────────────────────────────────────┘
                                    │
                                    ▼
┌─────────────────────────────────────────────────────────────────────────────┐
│  CloudFront (CDN + WAF + Shield)                                            │
│  ├─ TLS 1.3 termination                                                     │
│  ├─ AWS WAF rules (OWASP, rate limits, bot control)                        │
│  └─ Geographic restrictions                                                 │
└─────────────────────────────────────────────────────────────────────────────┘
                                    │
                                    ▼
┌─────────────────────────────────────────────────────────────────────────────┐
│  Application Load Balancer (Private Subnets)                                │
│  ├─ mTLS to backend services                                                │
│  └─ Health checks, connection draining                                      │
└─────────────────────────────────────────────────────────────────────────────┘
                                    │
                                    ▼
┌─────────────────────────────────────────────────────────────────────────────┐
│  ECS Fargate Services (Private Subnets)                                     │
│  ├─ API Gateway    ├─ Agent Runtime    ├─ Workflow Engine                  │
│  └─ No public IPs, egress via NAT Gateway                                  │
└─────────────────────────────────────────────────────────────────────────────┘
                                    │
                                    ▼
┌─────────────────────────────────────────────────────────────────────────────┐
│  Data Layer (Isolated Subnets - No Internet Access)                         │
│  ├─ RDS PostgreSQL (Multi-AZ, encrypted)                                   │
│  ├─ ElastiCache Redis (encrypted, auth token)                              │
│  └─ S3 (VPC endpoint, no public access)                                    │
└─────────────────────────────────────────────────────────────────────────────┘

Identity & Access

Authentication & Authorization

Authentication

Protocol	OAuth 2.0 / OpenID Connect
SSO Support	SAML 2.0, OIDC (Okta, Azure AD, Google)
MFA	TOTP, WebAuthn/FIDO2, SMS (optional)
MFA Enforcement	Configurable per org (required for admin)
Session Duration	24h default, configurable 1h-7d
Session Binding	IP + User-Agent fingerprint
Password Policy	12+ chars, complexity, breach check
Brute Force Protection	Account lockout after 5 failures

API Authentication

API Keys	SHA-256 hashed, prefix visible
Key Scopes	Read, Write, Admin (granular)
Key Rotation	No expiry, manual rotation
JWT Tokens	RS256, 15min access, 7d refresh
Rate Limits	Per-key, configurable

Authorization

Model	RBAC + ABAC hybrid
Default Roles	Owner, Admin, Developer, Viewer
Custom Roles	Supported (Enterprise)
Resource Scoping	Org → Project → Agent → Workflow
Policy Evaluation	Deny-by-default, explicit grants

User Provisioning

SCIM 2.0	Supported (Okta, Azure AD)
JIT Provisioning	Via SAML/OIDC attributes
Group Sync	IdP groups → Waxell roles
Deprovisioning	Immediate on IdP removal

AI/ML Security

Agent & Model Security

Data Isolation

Tenant Isolation	Logical isolation at DB level
Agent Sandboxing	Per-execution container isolation
Context Boundaries	No cross-tenant data in prompts
Memory Isolation	Agent memory scoped to tenant

Model Provider Security

Training Data	Never used for training
Data Retention	0-day retention (API agreements)
Providers	OpenAI, Anthropic (enterprise)
BYOK	Bring your own API keys supported

Prompt Security

Injection Detection	Multi-layer input validation
Output Filtering	PII detection, content filtering
Guardrails	Configurable output constraints
Token Budgets	Per-agent, per-workflow limits

Zero Training Guarantee

Your data is never used to train any AI models. We maintain enterprise agreements with all LLM providers (OpenAI, Anthropic) that contractually prohibit training on customer data. All prompts and completions are ephemeral and not retained by providers.

Observability

Audit Logging & Monitoring

Audit Logs

Coverage	All API calls, auth events, admin actions
Format	Structured JSON (CloudWatch Logs)
Retention	90 days hot, 1 year cold (S3)
Immutability	S3 Object Lock (compliance mode)
Export	SIEM integration (Splunk, Datadog)

Logged Events

Authentication (login, logout, MFA, SSO)
Authorization (permission grants, denials)
Resource CRUD (agents, workflows, policies)
Agent executions (start, complete, fail)
API key operations (create, rotate, revoke)
Admin actions (user management, settings)
Data access (exports, bulk operations)

Security Monitoring

SIEM	AWS Security Hub + GuardDuty
Alerting	PagerDuty integration
Anomaly Detection	ML-based (GuardDuty)
Vulnerability Scanning	AWS Inspector (continuous)

Alert Triggers

Failed login attempts (threshold)
Privilege escalation attempts
Unusual API patterns
Data exfiltration indicators
Infrastructure anomalies
Certificate expiration warnings

Compliance

Certifications & Standards

In Progress

SOC 2 Type II

Independent audit of security, availability, and confidentiality controls. Audit in progress with expected completion Q2 2026.

Auditor: TBD

Expected: Q2 2026

Trust Services: Security, Availability, Confidentiality

Active

GDPR

Full compliance with EU General Data Protection Regulation. DPA available for all customers.

Data Processing Agreement: Available

EU Data Residency: eu-west-1 (Ireland)

DPO Contact: dpo@waxell.ai

Active

CCPA

California Consumer Privacy Act compliance for US operations.

Privacy Policy: Updated Jan 2026

Data Deletion: Within 45 days

Do Not Sell: We do not sell personal data

Planned

ISO 27001

Information Security Management System certification planned for 2026.

Target: Q4 2026

Scope: Full platform

Reliability

Business Continuity & Disaster Recovery

Availability

SLA Target	99.9% uptime
Architecture	Multi-AZ (3 availability zones)
Database	RDS Multi-AZ with auto-failover
Load Balancing	Cross-AZ with health checks
Status Page	status.waxell.ai

Disaster Recovery

RPO	< 1 hour (point-in-time recovery)
RTO	< 4 hours
Backup Frequency	Continuous (transaction logs)
Backup Retention	35 days (automated snapshots)
Cross-Region	Daily replication to DR region
DR Testing	Quarterly failover drills

Incident Response

Security Incident Handling

Response SLAs

Critical (P1)	15 min acknowledgment, 1 hour update
High (P2)	1 hour acknowledgment, 4 hour update
Medium (P3)	4 hour acknowledgment, 24 hour update
Low (P4)	24 hour acknowledgment

Notification

Affected customers are notified within 72 hours of confirmed breach per GDPR requirements. Status updates posted to status.waxell.ai during active incidents.

Vulnerability Disclosure

Report To	security@waxell.ai
PGP Key	Available on request
Response Time	24 hours acknowledgment
Safe Harbor	Good faith researchers protected

Scope

*.waxell.ai, *.waxell.dev
API endpoints
SDK packages (PyPI)

Data Privacy

Data Handling & Retention

Data Categories

Account Data	Email, name, org info
Usage Data	API calls, feature usage
Agent Data	Definitions, configurations
Execution Data	Inputs, outputs, logs
Workflow State	Checkpoints, context