Security is foundational to what Gavrun does. We govern agent actions — which means we hold decision records, policy configurations, and audit trails that must be protected with the same rigour we apply to the data they safeguard.
All communication between Langman, Gavrun, and the console is encrypted with TLS 1.2 or higher. No decision data is transmitted over unencrypted channels.
Decision records, policy configurations, and audit logs are encrypted at rest. Access is scoped by workspace and credential — no cross-tenant data access is possible.
Workspace keys are scoped to a single agent identity. Keys are hashed at storage — we cannot retrieve them after issuance. Rotate any key immediately from the dashboard if it is compromised.
When deployed via Zumie Gateway on AWS, all decision data stays inside your own VPC. No call payload leaves your environment. You retain full control over encryption keys, network boundaries, and data residency.
If you discover a security vulnerability in Gavrun, please report it to [email protected]. We aim to acknowledge reports within 48 hours and resolve critical issues within 14 days.
Gavrun is working toward SOC 2 Type II certification. GDPR-aligned data handling is in place for all preview customers. Contact us for specific compliance questions.