Skip to main content

Security

Last updated: March 22, 2026

1. Data Encryption

All data transmitted between your browser, your customers, and our servers is encrypted using TLS (Transport Layer Security). Data stored in our databases is encrypted at rest using AES-256 encryption. This applies to conversation logs, knowledge bases, account information, and API keys.

2. AI Model Security

Conversations are processed by Claude, built by Anthropic. Anthropic does not use data submitted through the API to train its models. No personally identifiable information (PII) from your conversations is stored in model weights. Each conversation is processed in isolation and is not accessible to other customers.

3. Authentication & Access

All API access is authenticated using API keys. Keys are generated using cryptographically secure random number generators and are hashed before storage — we never store plaintext API keys. Rate limiting is enforced on all endpoints to prevent abuse and brute-force attacks. Access to production systems is restricted to authorized personnel only.

4. Infrastructure

AgentErgon runs on dedicated VPS infrastructure with isolated environments for each service. Our PostgreSQL databases use encryption at rest and are backed up regularly. Backups are stored in geographically separate locations. All servers run hardened operating system configurations with automatic security updates enabled.

5. Third-Party Security

We carefully vet every third-party service integrated into the platform:

  • Stripe: Handles all payment processing and is PCI DSS Level 1 certified. We never store credit card numbers.
  • Twilio: Provides SMS delivery. SOC 2 Type II certified.
  • Resend: Handles transactional email delivery. SOC 2 certified.
  • Anthropic: Processes AI conversations. Does not train on API data. See Anthropic's privacy policy.

6. Data Ownership

You own all data you provide to AgentErgon, including knowledge bases, conversation logs, and business information. We do not claim any intellectual property rights over your content. If you request account deletion, all associated data is permanently removed from our systems within 30 days.

7. Responsible AI

AgentErgon is built with responsible AI practices at its core:

  • AI disclosure: All agents clearly identify themselves as AI systems in compliance with California SB 243, Colorado AI Act, and Washington HB 2225.
  • Human handoff: Every agent supports seamless handoff to a human operator when a customer requests it or when the conversation exceeds the agent's capabilities.
  • Safety responses: Agents use templated safety responses for sensitive topics, ensuring consistent and appropriate handling of edge cases.

8. Reporting Vulnerabilities

If you discover a security vulnerability, please report it responsibly by emailing security@agentergon.com. We take all reports seriously and will respond within 48 hours. Please do not publicly disclose vulnerabilities until we have had the opportunity to address them.