Chariot
// Trust Center

Security and privacy, built into the architecture.

Everything your security, legal, and procurement teams need to evaluate Chariot — the isolation model, our certifications, how we handle data, and the documents to back it up.

SOC 2: IN PROGRESS · HIPAA · GDPR · 99.9% UPTIME
// Certifications & attestations
SOC 2 Type II (IN PROGRESS)

Independent audit of our security, availability, and confidentiality controls, mapped to the Trust Services Criteria.

HIPAA (ATTESTED)

Administrative, physical, and technical safeguards for protected health information.

GDPR (COMPLIANT)

EU data-protection obligations met, with a Data Processing Agreement available.

CCPA (COMPLIANT)

California consumer-privacy rights honored, with documented data-subject workflows.

// The differentiator

Isolation by design, not by policy.

Every agent runs in its own sealed, persistent workspace. There is no shared memory, no shared network path, and no route by which one user's agent can reach another user's data. Privacy isn't a setting you trust us to keep — it's the shape of the system.

Scoped context, skills, and tools per agent — least privilege by default.
No customer data is used to train shared models.
Every action is observable, logged, and replayable.
isolation ~ policy: enforced
App-controlled access in: ALLOWED
Public ingress: ✕ BLOCKED
Outbound internet & tools: GATED
Agent → agent data flow: ⊘ ISOLATED
Data at rest & in transit: ENCRYPTED
// Data handling & privacy

How your data is stored, moved, and retired.

Encryption everywhere

TLS 1.2+ in transit and AES-256 at rest, with managed key rotation.

No training on your data

Customer and end-user data is never used to train shared or third-party models.

Data residency

Choose where data is processed and stored, with region-pinned deployments.

Retention & deletion

Configurable retention windows and verifiable deletion on request or offboarding.

Published subprocessors

A current list of subprocessors, with advance notice of any material change.

Data minimization

Agents see only the scoped context they need — nothing broader is ever exposed.

// Access control
SSO / SAML & SCIM provisioning
Role-based access & least privilege
Tamper-evident audit logs
No standing access; just-in-time, reviewed
// Reliability
reliability ~ slo: multi-region
99.9% measured uptime, multi-region
24/7 monitoring with documented incident response.
Public status page and proactive incident comms.
Encrypted backups with tested disaster recovery.
// Due-diligence documents

Everything your reviewers ask for.

Request access
SOC 2 report: ON REQUEST
Security whitepaper: ON REQUEST
Data Processing Agreement (DPA): ON REQUEST
Business continuity & DR plan: ON REQUEST
Penetration test summary: ON REQUEST
Subprocessor list & architecture overview: ON REQUEST
// Responsible disclosure

Found something? Tell us.

We welcome reports from security researchers and triage every submission. Encrypt sensitive details with our published PGP key.

security@go-chariot.com

Talk to our security team.

Get the full document set, a custom questionnaire response, or a live architecture review.