Security
How we protect your data and maintain enterprise-grade security.
Security Overview
AgentIA is built with security as a foundational principle. We operate a browser-based SaaS platform that requires no local software installation, no browser extensions, and no native binaries. All data transmission occurs exclusively over HTTPS (TLS 1.2+) on TCP port 443.
Infrastructure & Hosting
AgentIA's web application is deployed on Vercel and its primary application database is hosted on Neon. Authentication is handled by Clerk. Transactional emails may be sent through Brevo, and mailing-list workflows may use MailerLite. Optional usage analytics may involve Google Analytics only when enabled for the deployment and accepted by the user.
Encryption
- In transit: All data is encrypted using TLS 1.2 or higher. HTTPS is enforced site-wide with no fallback to HTTP.
- At rest: Database storage is protected using provider-managed encryption at rest.
- Secrets management: API keys, tokens, and credentials are stored as environment variables and are not committed to source code.
Authentication & Access Control
User authentication is primarily managed by Clerk. In pre-authentication flows, AgentIA may also use pseudonymous session identifiers to keep a user's draft selections associated with the same browser until sign-in or account linkage occurs.
Webhook payloads from Clerk are verified using Svix signature verification to prevent tampering.
Security Headers
AgentIA enforces the following HTTP security headers on all responses:
- X-Frame-Options: DENY - prevents clickjacking by refusing to let the page be framed
- X-Content-Type-Options: nosniff - prevents MIME-type sniffing
- Referrer-Policy: strict-origin-when-cross-origin - limits referrer leakage to other origins
- Permissions-Policy: camera=(), microphone=(), geolocation=() - disables browser APIs the application does not use
- Strict-Transport-Security - instructs browsers to connect only over HTTPS for the header's max-age period, so a later plain-HTTP request is upgraded before it leaves the browser
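An added example, not AgentIA's own code: the header set listed above as a table that any Node or Next.js response object can apply, plus an audit that flags a response whose headers are missing or weaker than the policy. The Strict-Transport-Security directives and the 180-day audit floor are assumptions, since the page does not state the max-age in use; the `applySecurityHeaders`/`auditSecurityHeaders` names and the sample responses are constructed for this illustration.

```javascript
// Added example (not AgentIA's own code): apply and audit the security headers above.
const SECURITY_HEADERS = {
  "x-frame-options": "DENY",
  "x-content-type-options": "nosniff",
  "referrer-policy": "strict-origin-when-cross-origin",
  "permissions-policy": "camera=(), microphone=(), geolocation=()",
  "strict-transport-security": "max-age=63072000; includeSubDomains", // assumed: two years
};

const MIN_HSTS_MAX_AGE = 15552000; // assumed audit floor: 180 days

// Apply the policy to anything with setHeader(name, value): http.ServerResponse, Express, Next.js.
function applySecurityHeaders(res) {
  for (const [name, value] of Object.entries(SECURITY_HEADERS)) {
    res.setHeader(name, value);
  }
  return res;
}

// Parse "max-age=N; includeSubDomains; preload" into { "max-age": N, includesubdomains: true, preload: true }.
function parseHsts(value) {
  const directives = {};
  for (const part of value.split(";")) {
    const [name, raw] = part.trim().split("=");
    if (!name) continue;
    directives[name.toLowerCase()] = raw === undefined ? true : Number(raw);
  }
  return directives;
}

// Case and whitespace are not significant in these header values.
function normalize(value) {
  return String(value).toLowerCase().replace(/\s+/g, "");
}

// Returns a list of findings; an empty list means the response meets the policy.
function auditSecurityHeaders(responseHeaders) {
  const findings = [];
  const present = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    present[name.toLowerCase()] = String(value);
  }
  for (const [name, expected] of Object.entries(SECURITY_HEADERS)) {
    const actual = present[name];
    if (actual === undefined) {
      findings.push(`${name}: missing`);
      continue;
    }
    if (name === "strict-transport-security") {
      // HSTS is only as good as its max-age; a tiny value expires before the next visit.
      const maxAge = parseHsts(actual)["max-age"];
      if (!Number.isFinite(maxAge) || maxAge < MIN_HSTS_MAX_AGE) {
        findings.push(`${name}: max-age must be at least ${MIN_HSTS_MAX_AGE}, got "${actual}"`);
      }
      continue;
    }
    if (normalize(actual) !== normalize(expected)) {
      findings.push(`${name}: got "${actual}", expected "${expected}"`);
    }
  }
  return findings;
}

// Constructed responses for a local check (not captured from agentia.work).
const COMPLIANT_RESPONSE = applySecurityHeaders({
  headers: {},
  setHeader(name, value) { this.headers[name] = value; },
}).headers;

// Framing allowed from the same origin and a one-minute HSTS lifetime: both weaker than the policy.
const WEAK_RESPONSE = {
  "X-Content-Type-Options": "nosniff",
  "X-Frame-Options": "SAMEORIGIN",
  "Referrer-Policy": "strict-origin-when-cross-origin",
  "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
  "Strict-Transport-Security": "max-age=60",
};

console.log(auditSecurityHeaders(COMPLIANT_RESPONSE)); // []
console.log(auditSecurityHeaders(WEAK_RESPONSE));
```

Running the audit against the headers returned by a real request (for example the object from `fetch(url).then((r) => Object.fromEntries(r.headers))`) is a cheap post-deploy check that a platform or CDN layer has not dropped or rewritten one of the headers.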
Data Handling & Isolation
- User data is logically segmented using authenticated user IDs or pseudonymous session IDs, depending on the workflow stage.
- AgentIA does not sell personal data to third parties for advertising or data-broker purposes.
- Data access is limited to what is necessary to deliver, secure, and support the service.
- We use Cloudflare Turnstile in selected forms to reduce bot abuse.
- Optional analytics are collected only when configured for the deployment and accepted by the user.
Incident Response
AgentIA maintains an incident response process that includes:
- Monitoring for unauthorized access and anomalous behavior
- Internal triage, escalation, containment, and remediation procedures
- Assessment of notification obligations under applicable law and contractual commitments, including GDPR Articles 33 and 34 where relevant
- Post-incident review and remediation documentation
Security Contact
For security inquiries, vulnerability reports, or responsible disclosure:
Email: security@agentia.work
We aim to acknowledge legitimate security reports promptly, typically within two business days.
