Security

Production posture as of May 29, 2026.

Infrastructure

  • Hosted on Vercel (SOC 2 Type II, ISO 27001).
  • Database on Supabase (SOC 2 Type II). Row-Level Security on every tenant table.
  • All traffic over TLS 1.2+. HSTS enforced. Strict security headers.
  • Secrets are stored in Vercel encrypted environment variables and never committed.

Tenant isolation

Every record is scoped to a tenant identifier. Row-Level Security policies enforce isolation at the database layer — an application bug cannot leak another tenant's telemetry.

Authentication

  • Passwordless magic links via Supabase Auth.
  • Session tokens are HTTP-only, SameSite=Lax, Secure.
  • Admin actions require an elevated role, enforced server-side.

Telemetry & data handling

  • We process only the execution telemetry you send us — traces, spans, tool calls, token counts, and cost metadata.
  • Agentwell observes and alerts. It never sits in the critical path of your agents and never blocks, stops, or modifies them.
  • Model providers used internally are configured with zero-retention where available.
  • Customer data is never used to train foundation models.
  • We can disable ingestion or alerting per tenant during an incident on our side, affecting only our own pipeline — never your agents.

Payments

Payments are processed by Stripe. Agentwell never sees full card numbers. Webhook signatures are verified, with idempotency keys to prevent replay.
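
One way to implement the webhook check described above, as an added example rather than Agentwell's own code. It assumes Stripe's `Stripe-Signature` header format (`t=<unix time>,v1=<hex HMAC-SHA256>`), a 300-second tolerance, and the event `id` as the idempotency key; the class name, return strings and in-memory store are hypothetical.

```python
import hashlib
import hmac
import json

TOLERANCE_SECONDS = 300  # assumption: accept events at most 5 minutes old


def sign(secret: bytes, timestamp: int, payload: bytes) -> str:
    """HMAC-SHA256 over "<timestamp>.<raw body>" (Stripe's v1 scheme)."""
    msg = f"{timestamp}.".encode() + payload
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def parse_header(header: str):
    """Split "t=...,v1=...,v1=..." into (timestamp, [candidate signatures])."""
    timestamp, sigs = None, []
    for part in header.split(","):
        key, _, value = part.strip().partition("=")
        if key == "t" and value.isdigit():
            timestamp = int(value)
        elif key == "v1":
            sigs.append(value)
    return timestamp, sigs


class WebhookReceiver:
    """Hypothetical receiver: verify signature, bound age, deduplicate."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.seen_event_ids = set()  # stand-in for a table with a unique key

    def handle(self, payload: bytes, header: str, now: int) -> str:
        timestamp, sigs = parse_header(header)
        if timestamp is None or not sigs:
            return "rejected:malformed-header"
        expected = sign(self.secret, timestamp, payload).encode()
        # Constant-time compare; several v1 values appear during secret rotation.
        if not any(hmac.compare_digest(expected, s.encode()) for s in sigs):
            return "rejected:bad-signature"
        # The timestamp is covered by the HMAC, so it cannot be refreshed.
        if abs(now - timestamp) > TOLERANCE_SECONDS:
            return "rejected:stale-timestamp"
        event_id = json.loads(payload).get("id")
        if not event_id:
            return "rejected:missing-id"
        # A validly signed event redelivered inside the window is dropped here.
        if event_id in self.seen_event_ids:
            return "ignored:duplicate"
        self.seen_event_ids.add(event_id)
        return "processed"
```

The signature must be computed over the raw request body as received; re-serialising parsed JSON before verification changes the bytes and breaks the HMAC.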

Monitoring & response

  • Structured audit logs on all tenant-mutating actions.
  • Rate limiting on public and ingestion endpoints.
  • Documented runbooks: rollback, secret rotation, and per-tenant ingestion/alerting disable.

Report a vulnerability

Email security@agentwell.solutions. We acknowledge within 2 business days and will coordinate a fix before any public disclosure.