Security is foundational, not an afterthought.
When AI agents operate software on behalf of your users, security isn't a feature — it's the architecture. Every layer of Deck is built around isolation, encryption, and zero-trust principles.
Every agent runs in complete isolation
Each session spins up a dedicated, ephemeral VM. No shared memory, no shared filesystem, no shared network. When the task completes, the VM is destroyed.
Encryption at every layer
All data is encrypted in transit with TLS 1.3 and at rest with AES-256. Credentials are stored in a PCI-compliant vault with per-tenant keys.
Zero-trust access controls
Only those who need access get it. Every access event is logged, monitored, and auditable. Internal access requires just-in-time approval.
Sandboxed execution
No lateral network access. Agents can only reach the target.
Action policies
Block deletions, cap spending, require approvals.
Session replay
Every session is recorded for full audit.
AI agent-specific safeguards
Agents operate in sandboxed VMs, actions are bounded by configurable policies, and sensitive operations require human approval.
Continuous compliance and monitoring
Our systems undergo continuous monitoring to proactively detect and prevent security threats. We maintain a thorough audit trail for all key actions, ensuring transparency and accountability.
Incident response
- Documented response plan
- Audited by PwC
- Tested annually
- Containment within hours
Penetration testing
- Annual third-party pen tests
- Continuous SAST & DAST scanning
- CSPM monitoring
- Findings triaged & remediated
Data retention
- Customer data deleted at end of service
- Backups permanently removed
- No recoverable copies
- Configurable retention policies
Infrastructure
- Hosted on Google Cloud Platform
- Subprocessors vetted against standards
- SOC 2 compliant vendors
- Region-specific data residency