Trust
Trust Center
This page summarizes how we handle data and prove decisions in AgentTrust.
Policy summaryData boundariesOperational safeguardsDisclosure process
AgentTrust is built to capture decision evidence for governance while limiting unnecessary data collection. We focus on what reviewers need to verify actions, ownership, and outcomes.
What AgentTrust logs
- Action request metadata and decision outcome.
- Policy result, review requirement, and reason code.
- Reviewer identity and approval timestamp when review is required.
What AgentTrust does NOT store by default
- Full payload bodies that are unrelated to policy decisions.
- Long-lived elevated credentials outside approved windows.
- Undocumented overrides without an attributable reviewer.
Data retention & exports
- Retention windows are plan-based and visible on the pricing page.
- Teams can export decision records for internal review workflows.
- Trace IDs are included to support incident investigations.
Access control & authentication
- Review actions are tied to authenticated user identity.
- Higher-risk actions can require explicit human approval.
- Access scope is limited to what the approved task needs.
Operational security
- Risky actions fail closed when required checks are unavailable.
- Decision receipts keep an audit trail of request, decision, and owner.
- Teams can review control outcomes through a consistent workflow.
Responsible disclosure
- Report vulnerabilities through our disclosure channel.
- Include reproduction steps and impact context where possible.
- We acknowledge reports and coordinate remediation updates.
Example
Decision Receipt (redacted)
traceId=trc_01hq8xx7k2 action=vendor_payment_update decision=needs_approval reason=approval_required approved_by=[redacted] access_scope=billing/write access_window=15m
Contact security
For security questions, use /contact or review our responsible disclosure process.
Learn more: Privacy · Terms · Architecture · How it works