LEGAL · SECURITY

Security & Trust

How Bytevon secures its own systems and the agentic systems it builds — described in concrete terms, with our compliance posture stated honestly.

Last updated · May 1, 2026

HOW WE SECURE IT

Concrete practices, not assurances.

Identity & least privilege

Every agent and every operator has a scoped identity. Access is least-privilege by default and enforced at the point of action, not assumed from network position.

Append-only audit

Actions across the systems we build are written to a tamper-evident, append-only log. The audit trail exists before an agent acts — so there is always a record of what happened and why.

Sandboxed execution

Untrusted operations run network-isolated and read-only by default. Tool access is granted explicitly, per action, under policy — never ambient.

On-prem & data sovereignty

Deployments can run entirely on your infrastructure, including air-gapped. Our on-prem document-AI pipeline runs with no cloud dependency for a regulated, data-sovereign customer.

Encryption

Data is encrypted in transit (TLS 1.2+) and at rest. Secrets are managed through a dedicated secrets manager, never checked into source.

SSO & access control

SSO via OIDC and SAML, with RBAC for standard cases and dept-scoped ABAC where finer-grained control is required.

SOC 2 · in progressGDPR · DPA availableOn-prem · supportedPen-test · annual

Our approach

Security is not a phase at Bytevon — it is the enforcement plane we build the whole system on. The same principles we apply to customer deployments (identity, least privilege, sandboxing, audit) we apply to our own systems.

This page states our posture honestly. Where a certification is in progress rather than complete, we say so. If you need evidence for a vendor review, we will share what we have under NDA.

Reporting a vulnerability

We welcome reports from security researchers. Email security@bytevon.com with details and reproduction steps. We will acknowledge within two business days, keep you updated, and will not pursue action against good-faith research conducted within the bounds described in our Terms.

Subprocessors

For cloud-hosted deployments we rely on a small set of infrastructure subprocessors (hosting, transactional email, error monitoring). A current list is available to customers on request and is referenced in the Data Processing Addendum. On-prem deployments use no third-party subprocessors.

Security contact

security@bytevon.com for vulnerability reports and security questionnaires.

VENDOR REVIEW?

We'll walk security through your questionnaire.

Book a session and bring your security team. We answer in concrete terms and share evidence under NDA.

Connect Us See Agent Security