How we protect your signed event spans.
This page describes the actual controls in place. Each claim is specific and verifiable.
Signed event spans only. No model weights stored. No training on customer data.
AES-256 encryption
At rest and in transit. No exceptions.
Row-level tenant isolation
Database-enforced on every query.
AWS BAA in force
SOC 2 Type II in progress, targeted Month 18.
Five layers. Each one independent.
No single control carries the whole load. If one layer is bypassed, the others still hold.
Your data never touches another tenant.
Isolation is structural, not configuration. Every table carries organization_id and every query is filtered by it at the database layer.
- Row-level security on every table. Supabase RLS policies are enforced at the Postgres layer. Application code cannot disable them.
- BEFORE UPDATE and DELETE triggers. Database triggers reject modification of immutable records even from service_role connections, which bypass RLS.
- Per-organization Ed25519 keypair. Each tenant signs events with its own private key. The corresponding public key is published so regulators and auditors can verify the chain without trusting the vendor.
- No shared storage paths. S3 object keys are prefixed by organization_id. One tenant cannot construct a valid path to another tenant's files.
AES-256 at rest. TLS in transit.
Every byte stored and every byte moving between your browser and our infrastructure is encrypted. There is no unencrypted path.
- AES-256 at rest. Applied to signed event payloads on S3, account metadata, signed event metadata, and generated evidence packs.
- TLS 1.2 minimum, TLS 1.3 where supported. All API traffic, file uploads, and presigned S3 URLs require TLS. Unencrypted connections are rejected.
- Ed25519 signature on every event. Each event is signed at write time with the customer organization's per-tenant private key. Signatures are verified on every read.
- Schema validation at the ingest gate. Event payloads are validated against the OpenTelemetry GenAI semantic conventions before persistence. Malformed spans are rejected.
Signed events cannot be altered after ingest.
Once an event passes signature verification, it is locked at the infrastructure level. No code path on the platform can overwrite or delete it during the retention window.
- AWS S3 Object Lock. Object Lock in COMPLIANCE mode prevents any deletion or overwrite for the retention period, including by Invistiq service-role admins. AWS BAA is in force.
- Per-organization Merkle log. Every signed event is chained into a per-tenant Merkle log. Roots are committed on a rotation cadence and persisted alongside the signed payloads.
- Configurable retention floor. Default seven years. Configurable to match Article 19 (six months), Article 18 (ten years), HIPAA (six), and FINRA 17a-4 (three to six).
- Append-only at the database trigger layer. BEFORE UPDATE and BEFORE DELETE triggers reject mutation of signed-event tables even from service-role connections.
Every action is recorded and permanent.
The audit log is append-only at the database level. No privilege level can update or delete an entry once written.
- Append-only audit_logs table. Postgres triggers reject all UPDATE and DELETE on audit_logs regardless of the caller's role.
- Covered events. Login, logout, failed login, SDK key issue, event ingest (sampled), evidence-pack export, retention sweep, and admin actions.
- Ed25519 verification on every ingest. Each incoming event must verify against the organization's public key before persistence. Failed verifications are rejected and logged.
- Independent third-party verifiability. Regulators and auditors can verify the entire Merkle chain against your published public key. No vendor trust required.
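What the per-organization Merkle log and the third-party verifiability described above let an auditor check, as an added example that is not Invistiq's code. It assumes an RFC 6962-style tree over constructed sample events; the page does not specify the real log layout, and checking the Ed25519 signature on the committed root is a separate step not shown here.

```python
import hashlib

# Assumption: RFC 6962-style hashing (0x00 leaf prefix, 0x01 node prefix);
# the page does not specify how the log is actually built.
def _leaf(data):
    return hashlib.sha256(b"\x00" + data).digest()
def _node(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()
def _split(n):  # largest power of two strictly below n (n >= 2)
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def merkle_root(entries):
    if len(entries) <= 1:
        return _leaf(entries[0]) if entries else hashlib.sha256(b"").digest()
    k = _split(len(entries))
    return _node(merkle_root(entries[:k]), merkle_root(entries[k:]))

def inclusion_proof(index, entries):  # operator side: sibling hashes, leaf to root
    if len(entries) <= 1:
        return []
    k = _split(len(entries))
    if index < k:
        return inclusion_proof(index, entries[:k]) + [merkle_root(entries[k:])]
    return inclusion_proof(index - k, entries[k:]) + [merkle_root(entries[:k])]

def _rebuild(h, i, n, path):
    if n == 1 or not path:
        if n != 1 or path:
            raise ValueError("proof length does not match tree size")
        return h
    k = _split(n)
    if i < k:
        return _node(_rebuild(h, i, k, path[:-1]), path[-1])
    return _node(path[-1], _rebuild(h, i - k, n - k, path[:-1]))

def verify_inclusion(entry, index, size, proof, root):  # auditor side
    if not 0 <= index < size:
        return False
    try:
        return _rebuild(_leaf(entry), index, size, proof) == root
    except ValueError:
        return False

# Constructed sample events, not real platform data.
EVENTS = [b'{"span_id":"%d","op":"chat"}' % i for i in range(5)]
ROOT = merkle_root(EVENTS)
```

The auditor needs only the event, its position, the log size, the proof and the committed root; any change to the event bytes, the claimed position or the proof makes verification fail.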
HIPAA-ready controls. SOC 2 Type II in progress.
We are building toward independent certification, not retrofitting later. The controls described on this page are in production today.
- AWS BAA in force. The BAA covering event storage on S3 is in place. Healthcare AI customers must execute a customer-side BAA before sending any events that could contain PHI.
- SOC 2 Type II in progress. Independent audit is on the compliance roadmap. We are not claiming certification we do not have.
- 30-minute session timeout. Sessions expire after 30 minutes of inactivity. A 60-second warning fires before logout. Re-authentication is required to resume.
- No customer model weights stored. Invistiq captures the events your agents emit. We never receive model weights, training data, or any artifact other than the signed event payloads your SDK or webhook sends.
- Security headers. X-Frame-Options, HSTS, X-Content-Type-Options, and Referrer-Policy are set on every response.
Hard limits, by design.
These are not policy decisions. They are architectural constraints built into the product from day one.
No customer model weights
Invistiq captures signed event spans only. We never receive model weights, training data, or any artifact beyond what your SDK or webhook sends. There is no code path that pulls model state.
No event modification after ingest
Signed event payloads are never altered after they pass signature verification. Annotations and human overrides are recorded as separate events that chain forward. The original signed event stays exactly as your SDK emitted it.
No silent audit overwrites
Audit log entries cannot be updated or deleted by any role, including service_role. Postgres triggers enforce this at the database level. The record is permanent.
We answer security questions directly.
If you need specifics on a control, want to review our architecture, or have found a potential issue, email us. We respond within one business day.
Security questions
Architecture reviews, control specifics, vulnerability reports.
security@invistiq.com
Enterprise and compliance documentation
Custom security reviews, BAA chain confirmation, compliance documentation for procurement.
Contact page
Specific controls. Nothing hidden.
Every Charter seat includes full encryption, tenant isolation, and signed event chains. Apply for a seat during pilot.
Eight Charter seats. The ninth applicant pays the $18,000 list, every year, forever. Apply now.