This page summarises the technical and organisational measures used to protect data across Agent Beluga’s website and services.
1. Infrastructure
- Cloud-hosted application infrastructure with network-level protections.
- Managed services for data storage and operational workloads.
- Logical separation of development and production environments.
2. Encryption
- TLS 1.2+ for data in transit (APIs and service communications).
- Encryption at rest provided by managed infrastructure (e.g., AES-256 where applicable).
3. Access controls
- Role-based access control (RBAC) and least-privilege access.
- Multi-factor authentication (MFA) for administrative access where available.
- Audit logging for administrative actions.
4. Secrets and API security
- Secrets stored using environment-based secret management.
- API keys are not exposed client-side.
- Authenticated and validated integration endpoints.
5. Monitoring and incident response
- Structured logging and error monitoring.
- Operational alerting for anomalous patterns.
- Documented incident response procedures for containment and remediation.
6. Compliance posture
We leverage reputable infrastructure providers with recognised assurance programs and certifications (such as SOC 2 Type II and ISO 27001) where applicable, alongside our own operational controls.
7. Contact
For security enquiries, contact support@agentbeluga.com.