Security

How we protect your data and your agents

Infrastructure Security

Thinklio is hosted on enterprise-grade cloud infrastructure with SOC 2 Type II certification. All environments are isolated per customer with dedicated compute and storage resources within your selected data region.

  • All data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • Network segmentation with zero-trust architecture
  • Automated vulnerability scanning and patching
  • DDoS mitigation and WAF protection
  • 99.9% uptime SLA with multi-AZ redundancy

Agent Governance

The Thinklio platform provides multiple layers of governance to ensure AI agents operate within defined boundaries:

  • Policy enforcement: Every agent action is evaluated against your organization’s policy framework before execution
  • Budget controls: Per-agent daily budget limits with automatic enforcement at 75% (warning) and 100% (hard stop)
  • Knowledge scope isolation: Agents can only access knowledge within their assigned team scope
  • Approval workflows: High-risk actions (external communications, elevated access) require human approval
  • Delegation limits: Configurable depth limits on agent-to-agent delegation with cycle detection

Audit and Compliance

Every action on the platform is logged in an immutable audit trail:

  • Full audit log of all agent actions, policy decisions, and user activity
  • Tamper-evident logging with cryptographic integrity verification
  • Configurable data retention (up to 36 months)
  • CSV export for external compliance reporting
  • Real-time alerting on policy denials and approval requests

Authentication and Access Control

  • SSO integration via SAML 2.0 and OIDC
  • Multi-factor authentication (MFA) enforced for all accounts
  • Role-based access control (Organization Admin, Team Admin, Member)
  • API key management with prefix-based identification and rotation support
  • Session management with configurable timeout and IP restrictions

LLM Provider Security

When your agents interact with LLM providers:

  • All requests are made over encrypted channels (TLS 1.3)
  • API keys are stored in a hardware security module (HSM)
  • Enterprise data processing agreements in place with all providers
  • No customer data is used for model training
  • Provider traffic is routed through your selected data region where supported

Incident Response

Thinklio maintains a documented incident response plan with:

  • 24/7 on-call security engineering team
  • Automated alerting and escalation procedures
  • Customer notification within 72 hours of a confirmed data breach
  • Post-incident reviews and public transparency reports

Certifications and Compliance

  • SOC 2 Type II certified
  • GDPR compliant (EU data region available)
  • ISO 27001 certification in progress
  • Annual third-party penetration testing

Responsible Disclosure

If you discover a security vulnerability, please report it to security@thinklio.com. We operate a responsible disclosure program and will acknowledge reports within 48 hours.

For security inquiries, contact security@thinklio.com