1. Security posture
Our north-star principles:
- Tenant isolation is mechanical, not procedural. We rely on the database, not a runtime check, to enforce it.
- Least privilege, default deny. A service, an agent, or a human should only ever have the access they demonstrably need.
- Auditability is a feature. Every agent run, every approval, every applied migration generates a record the customer can export.
- Honest disclosure. We publish incidents and keep this page current. If something hasn't shipped, it says so.
2. Architecture & isolation
Primary infrastructure runs on AWS in us-east-1, with region-pinning available for Enterprise customers. The service is multi-tenant by default:
- Row-level tenancy in Postgres. Every table with customer data carries a tenant_id; row-level security policies, enforced by the database rather than by application code, make cross-tenant reads and writes impossible from an application connection.
- Schema-per-tenant for workspace databases. Workspace databases get their own Postgres schema (or a dedicated database on Enterprise), with credentials scoped to that schema or database.
- Per-tenant sandboxes. Generated-code sandboxes run inside E2B with dedicated filesystems and network scopes. Each sandbox is ephemeral and tied to a single app.
- Dedicated tenant / region. Enterprise customers can run in a dedicated account / region pair with a separate Anthropic zero-retention agreement.
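The row-level tenancy pattern above, as an added example (not the platform's own schema): a tenant_id column, a policy keyed on a transaction-local setting, a deliberately rejected cross-tenant write, and the query a reviewer would run to confirm RLS is enabled and forced on every table. The table app.orders, the role app_rw, the setting name app.tenant_id and the UUIDs are assumed names. The caveat the pattern depends on: table owners, superusers and roles with BYPASSRLS bypass RLS, so the application role must be a non-owner created NOBYPASSRLS, and FORCE ROW LEVEL SECURITY closes the owner loophole.

```sql
-- Added example: row-level tenancy in Postgres. Names are assumptions.
CREATE SCHEMA IF NOT EXISTS app;

CREATE TABLE app.orders (
    id        bigserial PRIMARY KEY,
    tenant_id uuid  NOT NULL,
    payload   jsonb NOT NULL
);

-- The application role: LOGIN, explicitly NOBYPASSRLS, and NOT the table owner.
-- (Credentials are assumed to come from the secrets store, so no PASSWORD here.)
CREATE ROLE app_rw LOGIN NOBYPASSRLS;
GRANT USAGE ON SCHEMA app TO app_rw;
GRANT SELECT, INSERT, UPDATE, DELETE ON app.orders TO app_rw;

ALTER TABLE app.orders ENABLE ROW LEVEL SECURITY;
ALTER TABLE app.orders FORCE  ROW LEVEL SECURITY;  -- owner is subject to policies too

-- Tenant comes from a transaction-local setting. current_setting(name, true)
-- returns NULL when the setting was never defined, but '' once it has been set
-- and reset (pooled connections), so NULLIF keeps the cast from erroring and
-- an unset tenant matches zero rows: fail closed.
CREATE POLICY tenant_isolation ON app.orders
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Per request, inside a transaction. is_local = true scopes the setting to
-- this transaction, so a pooled connection cannot carry the previous tenant.
BEGIN;
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);
INSERT INTO app.orders (tenant_id, payload)
    VALUES ('11111111-1111-1111-1111-111111111111', '{"sku": "A"}');
-- Writing a row for another tenant fails the WITH CHECK clause:
-- INSERT INTO app.orders (tenant_id, payload)
--     VALUES ('22222222-2222-2222-2222-222222222222', '{"sku": "B"}');
-- ERROR:  new row violates row-level security policy for table "orders"
SELECT count(*) FROM app.orders;  -- only this tenant's rows are visible
COMMIT;

-- Check: any row returned here is a customer-data table without RLS
-- both enabled and forced, i.e. a table the policy does not protect.
SELECT n.nspname, c.relname, c.relrowsecurity, c.relforcerowsecurity
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'app'
  AND c.relkind = 'r'
  AND NOT (c.relrowsecurity AND c.relforcerowsecurity);
```

Run the DDL as the migration role (the owner), and the per-request block as app_rw; running the request block as the owner with RLS merely enabled, not forced, is the mistake the final query is there to catch.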
3. Encryption
- In transit: TLS 1.2+ everywhere (public, internal service-to-service, and workspace DB connections). HSTS on every public origin.
- At rest: AES-256 on platform databases, S3 artifact storage, and backup snapshots.
- Secrets: API keys, connection strings, OAuth tokens live in AWS Secrets Manager with per-environment KMS keys — never in application databases.
- Key management: CMK rotation annually; automated where the provider supports it.
4. Authentication & MFA
- Password accounts require 12+ characters with breach-list checking. MFA available on all tiers; required on Enterprise.
- SSO (SAML 2.0, OIDC) available for Team and Enterprise. SCIM provisioning on Enterprise.
- Session tokens are short-lived; refresh tokens are revocable per-device from account settings.
6. AI safety & data handling
- No foundation-model training on your data. Our agreement with Anthropic (and any future model vendor) includes zero-retention on API inputs and outputs.
- Per-tenant prompt isolation. Prompts carry tenant scoping; we do not mix prompts across customers or use them to train our own prompt templates without explicit consent.
- Tool-call sandboxing. When agents call your tools (APIs, databases), calls are logged and — for destructive operations — gated behind approval policies.
- Migration safety. The platform never writes to an environment marked export_only. managed mode is the default only for environments named dev.
7. Audit logging
- Every agent run records the actor, inputs, outputs, token usage, and cost.
- Every approval carries the reviewer's identity and timestamped decision.
- Every applied migration records the hash of the file at apply time — enabling drift detection across environments.
- Enterprise customers can stream the full audit log to their SIEM or object storage (S3, GCS, Splunk, Datadog) via signed webhook or bucket delivery.
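What recording the file hash at apply time buys you, as an added example that is not the platform's own schema: a table of applied migrations per environment with the SHA-256 of the file as applied, constructed sample rows in which one migration was edited after it reached dev, and the queries that surface the two kinds of drift. The table ops.applied_migrations, the environment names and the sample hashes are assumptions.

```sql
-- Added example: migration hashes as a drift-detection record. Names are assumptions.
CREATE SCHEMA IF NOT EXISTS ops;

CREATE TABLE ops.applied_migrations (
    environment text        NOT NULL,
    version     text        NOT NULL,               -- migration filename
    file_sha256 char(64)    NOT NULL,               -- hex digest of the file as applied
    applied_by  text        NOT NULL,               -- human or agent run
    applied_at  timestamptz NOT NULL DEFAULT now(),
    PRIMARY KEY (environment, version)
);

-- Constructed sample data: 0003 was applied to dev, then edited in place
-- before being applied to staging, and has not reached prod at all.
INSERT INTO ops.applied_migrations (environment, version, file_sha256, applied_by) VALUES
    ('dev',     '0001_init.sql',       repeat('a', 64), 'agent:run-17'),
    ('staging', '0001_init.sql',       repeat('a', 64), 'agent:run-21'),
    ('prod',    '0001_init.sql',       repeat('a', 64), 'alice@example.com'),
    ('dev',     '0002_add_tenant.sql', repeat('b', 64), 'agent:run-18'),
    ('staging', '0002_add_tenant.sql', repeat('b', 64), 'agent:run-22'),
    ('prod',    '0002_add_tenant.sql', repeat('b', 64), 'alice@example.com'),
    ('dev',     '0003_orders.sql',     repeat('c', 64), 'agent:run-19'),
    ('staging', '0003_orders.sql',     repeat('d', 64), 'agent:run-23');

-- Drift 1: same version, different contents in different environments.
-- On the sample data this returns 0003_orders.sql with two distinct hashes.
SELECT version,
       array_agg(environment ORDER BY environment) AS environments,
       array_agg(DISTINCT file_sha256)             AS distinct_hashes
FROM ops.applied_migrations
GROUP BY version
HAVING count(DISTINCT file_sha256) > 1;

-- Drift 2: versions applied somewhere but absent from prod
-- (pending promotion, or applied out of band). Returns 0003_orders.sql.
SELECT DISTINCT m.version
FROM ops.applied_migrations m
WHERE NOT EXISTS (
    SELECT 1 FROM ops.applied_migrations p
    WHERE p.environment = 'prod' AND p.version = m.version
);

-- Pre-apply check: compare the file on disk (e.g. sha256sum 0003_orders.sql)
-- with what each environment recorded before promoting it further.
-- With the sample data, dev matches and staging does not.
SELECT environment, file_sha256 = repeat('c', 64) AS matches_disk
FROM ops.applied_migrations
WHERE version = '0003_orders.sql'
ORDER BY environment;
```

The primary key on (environment, version) means a migration cannot be silently re-applied under the same name; re-running an edited file shows up as a hash mismatch rather than as a second row.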
8. Vulnerability management
- Automated dependency scanning on every merge to main (Snyk + GitHub Dependabot).
- Static application security testing (SAST) on every PR.
- Quarterly external penetration test; results shared with Enterprise customers under NDA.
- Patch SLA: critical within 48 hours, high within 7 days, medium within 30 days.
9. Incident response
We maintain a documented incident-response plan with named owners and escalation paths. Practices:
- On-call rotation with 24/7 page-able coverage for security and availability incidents.
- Affected customer notification within 72 hours of a confirmed data-security incident (sooner for Enterprise SLAs).
- Post-incident review published for every severity-1 event. Status history available at status.algorithmshift.ai.
10. Sub-processors
We use a small set of vendors to operate the service. Each is bound by a DPA and vetted for their own security posture.
- AWS — compute, storage, networking, secrets.
- Anthropic — foundation-model inference (zero retention).
- E2B — ephemeral sandbox execution environments.
- Vercel / Cloudflare — public-facing edge delivery.
- Stripe — billing for Team tier.
- Customer-configured identity — Okta, Google, Azure AD, etc. (you choose).
New sub-processors are announced 30+ days before they touch production data.
11. Compliance roadmap
- SOC 2 Type II — audit in progress; target completion Q3 2026. Type I report available on request.
- GDPR — compliant posture; SCCs in place for EU/UK transfers. See Privacy policy.
- CCPA / CPRA — compliant posture; no sale of personal data.
- HIPAA — roadmap for Enterprise customers in regulated industries; BAA not yet available.
- ISO 27001 — on the roadmap after SOC 2 Type II.
12. Responsible disclosure
If you believe you've found a security issue, email security@algorithmshift.ai (PGP key on request). We respond within 2 business days, fix within the patch SLAs above, and publicly credit researchers who want it.
Please do not test on production customer data or perform automated scanning at high volume without written permission; contact us first and we'll coordinate a scope.
13. Contact
Security matters: security@algorithmshift.ai. Privacy: privacy@algorithmshift.ai. General inquiries: hello@algorithmshift.ai.
Note — customers in regulated industries can request a current SOC 2 report, DPA, and penetration-test summary under NDA. Enterprise accounts include quarterly trust reviews.