Practices
How We Protect Your Data
Every layer of the stack, secured by design.
Cryptographic Identity
- Ed25519 keypairs for all agent identities — fast, compact, and timing-attack resistant
- Private keys generated and returned once, never stored on Vorim AI servers
- SHA-256 fingerprints for identity verification across all interactions
- Key rotation support — revoke and re-register agents without data loss
Encryption
- All data in transit encrypted with TLS 1.3
- All data at rest encrypted with AES-256
- Database connections secured with SSL and network isolation
- Redis connections authenticated and encrypted
Authentication & Access
- Passwords hashed with bcrypt (cost factor 12)
- JWTs with short-lived access tokens (15 min) and refresh token rotation
- API keys scoped to organizations with SHA-256 hashed storage
- Multi-tenant isolation — all queries scoped to organization ID
Audit & Monitoring
- Immutable audit event chain with SHA-256 hash linking
- Signed audit bundles with cryptographic manifests
- TimescaleDB for high-throughput, append-only event storage
- Real-time monitoring with structured logging (pino)
Infrastructure
- PostgreSQL 16 with row-level security declarations
- Redis 7 for permission caching with TTL-based expiration
- Kafka (KRaft mode) for event streaming — no ZooKeeper dependency
- Docker-based deployment with isolated network configuration
Compliance
- Tamper-proof audit bundles for regulatory submissions
- Configurable data retention policies per plan
- Data export in JSON, CSV, and PDF formats
- Designed for SOC 2, GDPR, and emerging AI governance frameworks