Skip to main content

Security Overview

Security is foundational to ASG Agent Cloud.

Core Principles

1. Non-Custodial

We never hold your private keys. All transactions are signed client-side.

2. Isolated Execution

All code runs in isolated environments:
  • Sandboxes have no network access (except allowlist)
  • GPU pods are isolated per-tenant
  • Serverless jobs run in ephemeral containers

3. Defense in Depth

Multiple layers of security:
  • Network isolation
  • Rate limiting
  • Budget enforcement
  • Audit logging

Data Handling

Data TypeRetentionEncryption
Request logs30 daysAt rest + in transit
Receipts90 daysAt rest + in transit
Code execution0 (ephemeral)In transit only

Authentication

Authentication is via Solana wallet signature:
  1. Sign a message with your wallet
  2. Include signature in requests
  3. ASG verifies on-chain
No API keys, no passwords, no sessions.

Infrastructure

  • TLS 1.3 on all endpoints
  • SOC2 Type II compliance (in progress)
  • Regular penetration testing
  • 24/7 monitoring

Rate Limiting

Built-in protection against abuse:
  • Per-wallet request limits
  • Concurrent execution limits
  • Budget caps per run

Vulnerability Disclosure

Found a vulnerability? Please report responsibly.

Security Policy

Read our full security disclosure policy

Compliance

StandardStatus
SOC2 Type IIIn progress
GDPRCompliant
CCPACompliant

Authentication

Wallet-based authentication

Data Handling

How we handle your data