Security at Gavrun.
Security is foundational to what Gavrun does. We govern agent actions — which means we hold decision records, policy configurations, and audit trails that must be protected with the same rigour we apply to the data they safeguard.
Data in transit
All communication between Langman, Gavrun, and the console is encrypted with TLS 1.2 or higher. No decision data is transmitted over unencrypted channels.
Data at rest
Decision records, policy configurations, and audit logs are encrypted at rest. Access is scoped by workspace and credential — no cross-tenant data access is possible.
Credentials and API keys
Workspace keys are scoped to a single agent identity. Keys are hashed at storage — we cannot retrieve them after issuance. Rotate any key immediately from the dashboard if it is compromised.
Access control
- Role-based access — company admins, team admins, and read-only members have distinct permission scopes.
- All sign-in is authenticated via email verification or Google federation.
- Sessions are time-limited and revocable.
Agent Gateway (self-hosted)
When deployed via Agent Gateway on AWS, all decision data stays inside your own VPC. No call payload leaves your environment. You retain full control over encryption keys, network boundaries, and data residency.
Vulnerability disclosure
If you discover a security vulnerability in Gavrun, please report it to [email protected]. We aim to acknowledge reports within 48 hours and resolve critical issues within 14 days.
Compliance
Gavrun is working toward SOC 2 Type II certification. GDPR-aligned data handling is in place for all preview customers. Contact us for specific compliance questions.