Trust & Security — Agent Readiness Platform

99.9%

Uptime Target

Active

SOC 2

Compliance

In Progress

Encrypted

Data at Rest

Active

Configurable

Data Retention

Per Customer

Data Handling

🗄

Evaluation Data Storage

All evaluation data (scenarios, vendor profiles, agent traces, scores, and reports) is stored in PostgreSQL on Heroku. Data is encrypted at rest using AES-256. Each evaluation is isolated by customer ID.

🛡

No Customer Credentials Stored

We never store your credentials, API keys, or passwords. Sandbox execution environments use injected secrets that are ephemeral and never persisted. Your product is only evaluated through publicly accessible information.

⏳

Data Retention

Data retention is configurable per customer. By default, evaluation data is retained for 90 days. Enterprise customers can configure custom retention periods or request immediate deletion.

LLM Provider Data Handling

Agent Readiness Platform uses three LLM providers to run buying simulations. When we call these APIs, evaluation context (vendor names, URLs, publicly available product information) is sent to the respective provider.

OpenAI (GPT-5.4) — Data subject to OpenAI API data usage policies. API data is not used for training.
Anthropic (Claude Opus 4.6) — Data subject to Anthropic's usage policy. API data is not used for training.
Google (Gemini 3.1 Pro) — Data subject to Google AI terms. API data is not used for training by default.

We only send publicly available information (website content, pricing pages, documentation) to LLM providers. No private customer data is included in LLM prompts.

Safe Simulation Practices

✅

Diagnostic Only

All automation is purely diagnostic. We simulate an AI agent's buying journey by reading publicly available web pages. We never create accounts, submit forms, make purchases, or perform any destructive actions on vendor websites.

✅

Low Volume

Evaluations make a small number of HTTP requests to vendor websites (typically under 50 page loads per vendor per evaluation). This is comparable to a single human browsing the site and well below any rate-limiting thresholds.

✅

No Login Attempts

We never attempt to log into vendor products, bypass authentication, or access protected areas. All evaluation is based on publicly accessible information: marketing pages, docs, pricing, and public API documentation.

Infrastructure

The Agent Readiness Platform runs on industry-standard, trusted infrastructure:

Heroku (Salesforce company) — Application hosting with automatic TLS, DDoS protection, and SOC 2 compliance
PostgreSQL (Heroku Postgres) — Primary database with automated backups, encryption at rest, and point-in-time recovery
Redis (Heroku Redis) — Task queue and caching with TLS encryption
TLS 1.3 — All data in transit is encrypted via HTTPS

Compliance

SOC 2 Type II

Status: In progress. We are actively working toward SOC 2 Type II certification. Our infrastructure providers (Heroku/Salesforce) are SOC 2 certified. We expect to complete our own certification by Q4 2026.

GDPR

We process minimal personal data. Evaluation data consists of publicly available product information. We will provide a Data Processing Agreement (DPA) upon request for Enterprise customers.

Responsible AI

Our AI agent simulations follow responsible AI principles. Agents are instructed to behave as honest evaluators. All agent outputs are transparent and traceable through the run trace API.

Security Questions?

Our team is happy to answer any questions about our security practices, complete security questionnaires, or discuss custom requirements for your organization.

Contact security@agentreadiness.com