Tenant isolation, audit chains, and a sub-processor list we publish.
We treat security as the moat. Foundation model improvements erode orchestration cleverness; they don't erode an honest compliance posture.
Tenant isolation
Schema-per-tenant
Per-tenant Postgres schema, separate IAM creds, separate vector namespace, per-tenant KEK in AWS KMS.
Audit retention
7 years
Append-only ledger with cryptographic chaining; periodic anchoring to S3 Object Lock for tamper-evidence.
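The chaining-plus-anchoring design described above, as an added Python sketch rather than our production code: the record fields, the all-zero genesis value and the anchor format are assumptions, and the `anchor` dict stands in for an object written to S3 Object Lock. It shows why the anchor matters: chaining alone catches an in-place edit, but only the anchor catches a history that was edited and fully re-hashed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumption: all-zero predecessor for the first entry

def entry_hash(prev, tenant, event):
    body = json.dumps({"prev": prev, "tenant": tenant, "event": event},
                      sort_keys=True, separators=(",", ":"))  # canonical form
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def append(ledger, tenant, event):
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"prev": prev, "tenant": tenant, "event": event,
                   "hash": entry_hash(prev, tenant, event)})

def first_broken_link(ledger):
    """Index of the first entry whose link or hash is invalid, else None."""
    prev = GENESIS
    for i, e in enumerate(ledger):
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["tenant"], e["event"]):
            return i
        prev = e["hash"]
    return None

def matches_anchor(ledger, anchor):  # anchor: {"length", "head"} from write-once storage
    n = anchor["length"]
    return 0 < n <= len(ledger) and ledger[n - 1]["hash"] == anchor["head"]

def rehash_with_edit(ledger, index, event):  # models a full-chain rewrite, for testing
    forged = []
    for i, e in enumerate(ledger):
        append(forged, e["tenant"], event if i == index else e["event"])
    return forged

def demo():
    ledger = []
    for ev in ["login user=alice", "export dataset=42", "delete dataset=42"]:  # constructed
        append(ledger, "tenant-a", ev)
    anchor = {"length": len(ledger), "head": ledger[-1]["hash"]}  # periodic anchor
    append(ledger, "tenant-a", "logout user=alice")
    edited = [dict(e) for e in ledger]
    edited[1]["event"] = "export dataset=7"  # in-place edit, hashes left alone
    forged = rehash_with_edit(ledger, 1, "export dataset=7")
    return {"clean": (first_broken_link(ledger), matches_anchor(ledger, anchor)),
            "edited": first_broken_link(edited),
            "forged": (first_broken_link(forged), matches_anchor(forged, anchor))}

if __name__ == "__main__":
    print(demo())
```

The re-hashed copy passes the internal chain check and fails only against the anchor, so verification has to read the anchored head from the immutable store, not from the ledger database.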
Code sandbox
Firecracker microVMs
E2B-based hardware virtualization for agent-generated code execution. Container isolation is insufficient.
Compliance roadmap
We are pre-launch. Below is the timeline we've committed to. Numbers are conservative — we'd rather underpromise.
Sub-processors
We publish this list. 30-day notice before adding a sub-processor. Listed below are current and planned vendors as of v0.1.
Prohibited use (summary)
We refuse certain business categories at intake. This is enforced by a classifier, not by good intentions. See the full Acceptable Use Policy for details.
Security disclosures
Disclosure inbox: security@0h1bai.co — PGP key forthcoming.
Response SLA: Acknowledgement within 48h. Initial triage within 5 business days. Resolution timeline depends on severity.
Bug bounty: Private program launching alongside SOC 2 Type I. Prompt-injection findings are explicitly in scope.