Security

How we protect your credentials and data.

Rhumb sits between your agent and third-party APIs. That position demands trust. This page documents exactly what we do to earn it — and what we don't do yet.

Last updated March 2026

  • AES-256: Credential encryption
  • TLS 1.2+: All API traffic
  • Fail-closed: Billing architecture
  • Zero-log: Execution payloads

🔐 Credential Management

Encryption at rest

Live

All stored credentials are encrypted using AES-256-GCM. Encryption keys are managed via environment variables on Railway's infrastructure, isolated from application code.

Encryption in transit

Live

All API traffic uses TLS 1.2+ (HTTPS only). HSTS headers enforce secure connections. No plaintext credential transmission.

Credential isolation

Live

BYOK and Agent Vault credentials are scoped per-agent and never shared across accounts. Rhumb-managed credentials are held by Rhumb and never exposed to agents.

No credential logging

Live

API keys, tokens, and secrets are never written to application logs, error reports, or analytics. Request bodies containing credentials are redacted before logging.

Credential rotation

Live

Agent Vault credentials support rotation without downtime. BYOK credentials are managed by the agent operator.

🛡️ API Security

Authentication

Live

Governed API key and wallet-prefund repeat traffic authenticate with X-Rhumb-Key. x402 per-call uses X-Payment from the payer wallet. BYOK and Agent Vault provider-control paths route through provider-scoped credentials via Rhumb. Session cookies are HttpOnly, Secure, SameSite=Strict.

Rate limiting

Live

Per-agent rate limiting on all endpoints. Execution endpoints have stricter limits. 429 responses include Retry-After headers.

Request validation

Live

All inputs are validated and sanitized. SQL injection, XSS, and path traversal protections are enforced.

Error handling

Live

Standardized error envelope with request_id for traceability. Resolution guidance in every error response. No stack traces or internal details in production errors.

Security headers

Live

Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, and Permissions-Policy headers on all responses.
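
The header, cookie and rate-limit claims above can be checked from the outside against any response. This is an added example, not Rhumb's code: `audit_response` and the sample responses are constructed for illustration, and it treats every cookie as a session cookie.

```python
import re

# The six response headers this page lists under "Security headers".
REQUIRED = ("content-security-policy", "x-content-type-options", "x-frame-options",
            "strict-transport-security", "referrer-policy", "permissions-policy")

def audit_response(status, headers):
    """Return findings for one response; an empty list means every check passed.

    headers is a list of (name, value) pairs so repeated Set-Cookie lines survive.
    """
    seen = {}
    for name, value in headers:
        seen.setdefault(name.lower(), []).append(value)
    findings = [f"missing header: {h}" for h in REQUIRED if h not in seen]
    # A zero or absent max-age makes the browser drop the HSTS policy.
    for value in seen.get("strict-transport-security", []):
        m = re.search(r"max-age\s*=\s*(\d+)", value, re.I)
        if not m or int(m.group(1)) == 0:
            findings.append("HSTS max-age missing or zero")
    # Assumption: every cookie is treated as a session cookie.
    for cookie in seen.get("set-cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.partition("=")[0].strip().lower(): p.partition("=")[2].strip().lower()
                 for p in parts[1:] if p}
        for flag in ("httponly", "secure"):
            if flag not in attrs:
                findings.append(f"cookie {name}: missing {flag}")
        if attrs.get("samesite") != "strict":
            findings.append(f"cookie {name}: SameSite is not Strict")
    # The page states that 429 responses carry Retry-After.
    if status == 429 and "retry-after" not in seen:
        findings.append("429 without Retry-After")
    return findings

# Constructed sample responses (not captured from any real service).
GOOD = [("Content-Security-Policy", "default-src 'self'"),
        ("X-Content-Type-Options", "nosniff"), ("X-Frame-Options", "DENY"),
        ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
        ("Referrer-Policy", "no-referrer"), ("Permissions-Policy", "geolocation=()"),
        ("Set-Cookie", "sid=abc123; Path=/; HttpOnly; Secure; SameSite=Strict")]
WEAK = [("Strict-Transport-Security", "max-age=0"),
        ("Set-Cookie", "sid=abc123; Path=/; Secure; SameSite=Lax")]

if __name__ == "__main__":
    for label, status, hdrs in (("good", 200, GOOD), ("weak", 429, WEAK)):
        print(label, audit_response(status, hdrs))
```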

x402 replay prevention

Live

On-chain payment proofs are validated for uniqueness. The same transaction hash cannot be used for multiple executions.

📦 Data Handling

Execution data

Live

Request and response payloads for executed capabilities are proxied in real time and not stored. Rhumb logs execution metadata (timestamp, capability, cost, status) but not the payload content.

Score data

Live

AN Scores, reviews, and service metadata are public by design. No personal data is included in scoring.

Agent identity

Live

Minimal data collection: email address for account creation, governed API key for authentication. No phone numbers, addresses, or payment details stored by Rhumb (Stripe handles payment data).

Data residency

Live

Application infrastructure runs on Railway (US regions). Database on Supabase (AWS us-east-1). All data is currently US-hosted.

Data deletion

Live

Account deletion removes all associated data: governed API keys, execution logs, billing records, and stored credentials. Contact team@supertrained.ai to request deletion.

💳 Billing & Payment Security

Fail-closed billing

Live

If the billing system is unreachable, managed executions are blocked — never executed without confirmed payment. This is a hard architectural constraint, not a configuration option.

Stripe integration

Live

Payment card processing is handled entirely by Stripe. Rhumb never sees, stores, or processes card numbers. PCI compliance is delegated to Stripe.

x402 verification

Live

On-chain payments are verified against the Base network. Contract address, amount, sender, and confirmation status are all validated before execution proceeds.
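
One way to combine x402 replay prevention, the four x402 verification checks and fail-closed behaviour in a single gate, as an added example that is not Rhumb's implementation. `ExecutionGate`, the `lookup` callable, the result strings and the sample ledger are hypothetical, and applying the fail-closed rule to the payment verifier is an assumption.

```python
import threading

class ExecutionGate:
    """Allows one execution per verified payment and denies whenever in doubt."""

    def __init__(self, lookup, contract):
        self._lookup = lookup      # hypothetical: tx_hash -> transfer dict; raises on outage
        self._contract = contract  # contract address the payment must target
        self._used = set()         # in production: a UNIQUE column shared by all workers
        self._lock = threading.Lock()

    def _release(self, key):
        with self._lock:
            self._used.discard(key)

    def authorize(self, tx_hash, sender, amount):
        key = tx_hash.strip().lower()  # hex case must not turn one proof into two
        with self._lock:               # claim first, verify second, so two racing
            if key in self._used:      # requests cannot both pass the uniqueness check
                return False, "replayed_tx_hash"
            self._used.add(key)
        try:
            tx = self._lookup(key) or {}
        except Exception:
            self._release(key)         # outage: deny now, let the payer retry later
            return False, "verifier_unreachable"
        valid = (tx.get("contract") == self._contract and tx.get("sender") == sender
                 and tx.get("amount") == amount and tx.get("confirmed") is True)
        if not valid:
            self._release(key)         # e.g. not yet confirmed; may become valid later
            return False, "payment_invalid"
        return True, "ok"

# Constructed sample data; the addresses and hashes are placeholders.
CONTRACT = "0xcontract-placeholder"
LEDGER = {
    "0xaaa1": {"contract": CONTRACT, "sender": "0xpayer", "amount": 5, "confirmed": True},
    "0xbbb2": {"contract": CONTRACT, "sender": "0xpayer", "amount": 5, "confirmed": False},
}

def offline(_tx_hash):
    raise ConnectionError("verifier offline")

if __name__ == "__main__":
    gate = ExecutionGate(LEDGER.get, CONTRACT)
    print(gate.authorize("0xAAA1", "0xpayer", 5))   # first use
    print(gate.authorize("0xaaa1", "0xpayer", 5))   # same hash again
    print(ExecutionGate(offline, CONTRACT).authorize("0xaaa1", "0xpayer", 5))
```

The in-memory set only illustrates the ordering; across several workers the claim has to be a single atomic write, such as an insert into a column with a uniqueness constraint.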

Budget controls

Live

Per-agent budget limits, daily execution caps, and upstream provider budget tracking prevent runaway costs. Agents can set their own spend caps.

🏗️ Infrastructure

Hosting

Live

API on Railway (auto-scaling, isolated containers). Frontend on Vercel (edge-deployed). Database on Supabase (managed PostgreSQL with Row Level Security).

Deployment

Live

Automated deployments from GitHub. No manual server access. Infrastructure-as-code configuration.

Monitoring

Live

Application health monitoring, error tracking, and uptime checks. Public status page at rhumb.dev/status.

Incident response

Live

Documented runbooks for Supabase outage, proxy provider failure, billing failure, x402 settlement failure, and deployment rollback scenarios.

📋 Compliance Roadmap

GDPR

Live

Data minimization, deletion on request, no unnecessary data collection. Privacy policy documents all data processing. DPA available on request for enterprise customers.

CCPA

Live

California Consumer Privacy Act compliance: data disclosure, deletion, and opt-out rights documented in privacy policy.

SOC 2 Type I

Planned

Planned for evaluation. Timeline will be published when engagement is confirmed with an auditing firm.

SOC 2 Type II

Planned

Follows Type I. Requires 6+ months of continuous control evidence.

HIPAA BAA

Planned

Not currently available. Will be evaluated based on customer demand.

Vulnerability Disclosure

If you discover a security vulnerability in Rhumb, please report it responsibly:

  • Email security@supertrained.ai with a description of the vulnerability
  • Include steps to reproduce, expected vs. actual behavior, and any proof-of-concept
  • We will acknowledge receipt within 48 hours and provide a timeline for resolution
  • Please do not publicly disclose the vulnerability until we've had a reasonable opportunity to address it