Security Overview
Security is foundational to ASG Agent Cloud.Core Principles
1. Non-Custodial
We never hold your private keys. All transactions are signed client-side.2. Isolated Execution
All code runs in isolated environments:- Sandboxes have no network access (except allowlist)
- GPU pods are isolated per-tenant
- Serverless jobs run in ephemeral containers
3. Defense in Depth
Multiple layers of security:- Network isolation
- Rate limiting
- Budget enforcement
- Audit logging
Data Handling
| Data Type | Retention | Encryption |
|---|---|---|
| Request logs | 30 days | At rest + in transit |
| Receipts | 90 days | At rest + in transit |
| Code execution | 0 (ephemeral) | In transit only |
Authentication
Authentication is via API key:- Create an API key in the Console
- Include
Authorization: Bearer <api_key>in every request - Your Solana wallet is used only for payments — not for auth
Infrastructure
- TLS 1.3 on all endpoints
- SOC2 Type II compliance (in progress)
- Regular penetration testing
- 24/7 monitoring
Rate Limiting
Built-in protection against abuse:- Per-key request limits
- Concurrent execution limits
- Budget caps per run
Vulnerability Disclosure
Found a vulnerability? Please report responsibly.Security Policy
Read our full security disclosure policy
Compliance
| Standard | Status |
|---|---|
| SOC2 Type II | In progress |
| GDPR | Compliant |
| CCPA | Compliant |
Related
Authentication
API-key authentication
Data Handling
How we handle your data