Trust & Compliance
ThetaZero Trust Pack
Architecture overview, security model, audit trail samples, and compliance documentation for enterprise security reviews and legal due diligence.
✓ TLS 1.2+ in Transit
✓ AES-256-GCM at Rest
✓ TEE Isolated Execution
✓ Immutable Audit Trail
⧗ SOC 2 Type II — In Progress
Architecture Overview
How agent execution flows through the ThetaZero stack
Client Layer
Browser / API Client
HTTPS · JWT auth · TLS 1.2+
↓ encrypted HTTPS
API Layer
Express.js API Gateway
Rate limiting · JWT validation · Multi-tenant isolation
↓ authenticated request
Orchestration Layer
Agent Executor
Task queue · Context prep · Execution record
→
AuditChain
Merkle-hashes every 60s — tamper-evident audit log
↓ sandboxed task dispatch
Compute Layer — TEE Sandboxed
🔐 Theta EdgeCloud TEE Node
Hardware-enforced memory isolation · Encrypted enclave · No host-OS access
→
MCP Tool Bus
GitHub · Gmail · Browser · Custom tools — scoped permissions
↓ streamed logs + outputs
Storage Layer
PostgreSQL (Neon)
Execution logs · Encrypted OAuth tokens · Cost tracking
→
AuditChain Store
Merkle-hashed audit log · Tamper-evident execution records
Key isolation guarantee: Each agent task runs in its own isolated execution context. No cross-tenant memory access is possible by design — tasks are dispatched as sealed enclaves and results are cryptographically signed before being written to the audit log.
Security Model
TEE isolation, encryption, and access control in depth
Encryption at Rest
All OAuth tokens and user secrets stored with AES-256-GCM. Encryption key managed via environment vault, never committed to source. Database fields containing credentials are individually encrypted — exposure of the DB file yields no plaintext secrets.
Encryption in Transit
TLS 1.2+ on all connections: browser → API, API → database, API → EdgeCloud nodes. HTTP is not accepted — all traffic is automatically redirected to HTTPS. Certificate pinning recommended for enterprise SDK clients.
Theta TEE Isolation
Agent tasks run inside Theta EdgeCloud Trusted Execution Environments. Memory is hardware-isolated — the host OS, hypervisor, and other tenants cannot access enclave memory. Execution inputs and outputs are sealed and signed.
JWT Authentication
Session tokens use HMAC-SHA256 signing with 7-day expiration. No server-side session state — stateless validation on every request. API keys are SHA-256 hashed before storage; plaintext keys are shown exactly once at creation.
Multi-Tenant Isolation
Company-scoped middleware enforces row-level tenant isolation on every database query. A user with valid credentials cannot access another company's data. All queries are parameterized — SQL injection is structurally impossible.
Tamper-Evident Audit Anchoring
Every 60 seconds, AuditChain aggregates execution log hashes into a Merkle tree and seals the root. This creates a tamper-evident, cryptographically verifiable record of all agent activity.
Key Management
AES-256-GCM encryption key stored in environment vault. Rotation supported via re-encryption migration scripts. Never persisted in code or logs.
OAuth Token Handling
Third-party OAuth tokens (GitHub, Gmail, etc.) are individually encrypted at write time and decrypted only for the authenticated request context. Zero plaintext at rest.
Rate Limiting
Authentication endpoints: 10 req/min. Agent execution: scoped by plan tier. Demo endpoints: 3 req/day per IP. Prevents brute-force and abuse.
Audit Log Retention
All agent execution logs retained for 90 days in-database, with Merkle-hashed audit records retained permanently. Enterprise plans support custom retention windows.
- Parameterized SQL queries — SQL injection structurally impossible
- CSRF state-parameter validation on all OAuth callback flows
- CORS restricted to allowlisted origin domains
- Content-Security-Policy headers served on all HTML responses
- Dependency vulnerability scanning on every CI build
- Production database access restricted to application servers only — no public exposure
- Environment variables managed via secure vault — never committed to source control
- Penetration testing scheduled Q2 2026 — results to be published
Full cryptographic reference: For a complete breakdown of every algorithm used — SHA-256 record hashing, SHA-256 Merkle anchoring, HMAC-SHA256 TEE attestation, RSA-4096 evidence package signing, and AES-256-GCM at-rest encryption — including independent verification steps for each layer, see the Cryptographic Controls reference →
Compliance Evidence — Sample Artifact
Example output showing what an audit trail export looks like for a single agent execution
Every agent execution produces a signed execution record exportable for compliance audits. The following is a representative sample artifact — fictional data demonstrating the structure and fields of a real export. Sensitive fields (e.g., OAuth token hashes) are redacted in actual exports. See the full sample evidence package → See a real, annotated evidence pack walkthrough →
execution-audit-export.json
SAMPLE ARTIFACT — Fictional data
{
"execution_id": "exe_01hx9k2m3n5p7q8r",
"schema_version": "2.0.0",
// Identity & Ownership
"company_id": "cmp_7f3a2b",
"agent_id": "agt_compliance_auditor",
"agent_name": "EU AI Act Compliance Auditor",
"triggered_by": "user:usr_4c1e9d",
"trigger_type": "manual",
// Timing
"enqueued_at": "2026-04-08T09:14:22.301Z",
"started_at": "2026-04-08T09:14:23.104Z",
"completed_at": "2026-04-08T09:14:47.882Z",
"duration_ms": 24778,
// Compute Provenance
"compute_source": "theta_edgecloud",
"compute_node_id": "node_tec_us_west_7",
"compute_region": "us-west",
"tee_enabled": true,
"tee_attestation_hash": "sha256:3f7a...e291",
// Model Used
"model": "claude-opus-4-5",
"model_provider": "anthropic",
"prompt_version": "v3.2.1",
// Input Summary (no PII stored in audit log)
"input_summary": {
"task_type": "compliance_audit",
"input_tokens": 4820,
"context_sources": ["github_repo", "uploaded_policy_docs"],
"pii_detected": false
},
// Output Summary
"output_summary": {
"status": "completed",
"output_tokens": 2134,
"tools_used": ["read_file", "search_code", "create_report"],
"tool_calls_count": 14,
"output_hash": "sha256:9b2c...f447"
},
// Cost
"cost": {
"input_cost_usd": 0.0241,
"output_cost_usd": 0.0641,
"total_cost_usd": 0.0882
},
// Audit-Log Anchor
"audit_chain": {
"merkle_leaf_hash": "sha256:d4e1...b882",
"merkle_root_hash": "sha256:7f3c...a119",
"batch_anchor_id": "batch_29841703",
"anchored_at": "2026-04-08T09:15:00.000Z",
"batch_status": "sealed"
},
// Verification
"signature": "ed25519:MEQCID...AAA==",
"signed_by": "thetazero-audit-signer-v1"
}
Verification: The
merkle_leaf_hash and merkle_root_hash are cryptographically verifiable. Any party with the signed audit export can independently confirm the audit trail has not been tampered with by checking the hash chain.
Live Platform Feature
Export format: Audit exports are available as JSON or CSV via the REST API (GET /api/v1/executions/:id/audit-export). Enterprise plans include scheduled automated audit package delivery to S3/GCS buckets. This is generated from your actual usage data.
Data Residency & Retention
Where your data lives, what's stored, and how long we keep it
| Data Type | Storage Location | Encrypted at Rest | Retention |
|---|---|---|---|
| User accounts & credentials | Neon PostgreSQL (AWS us-east-1) | ✓ | Until account deletion + 30 days |
| OAuth tokens (GitHub, Gmail, etc.) | Neon PostgreSQL — AES-256-GCM field encryption | ✓ | Until connection revoked |
| Agent execution logs | Neon PostgreSQL (AWS us-east-1) | ✓ | 90 days (enterprise: configurable) |
| Audit trail hashes | ThetaZero audit log store | N/A — hashes only, no PII | Permanent (append-only) |
| Task inputs & context | In-memory during execution only | N/A — not persisted | Zeroed on task completion |
| Agent outputs / reports | Neon PostgreSQL (AWS us-east-1) | ✓ | 90 days (enterprise: configurable) |
| Media uploads (if used) | Cloudflare R2 (configurable region) | ✓ | Until deleted by user |
| Analytics / telemetry | Internal PostgreSQL — anonymized | ✓ | 13 months rolling |
Content vs. metadata — what this means for you: Customer content (documents, prompts, and outputs submitted for processing) is not retained by default — it is processed in-memory and zeroed on task completion. Operational metadata (execution timestamps, token counts, cost, and audit trail hashes) is retained for billing, auditability, and platform operation as described in the table above. OAuth tokens are stored encrypted solely to maintain your integration connections.
Primary Region
Application and database hosted in AWS us-east-1 (Northern Virginia). EdgeCloud compute nodes distributed globally; task dispatch region is configurable per enterprise plan.
EU Data Residency
EU-only data residency available on Enterprise plans. Data processed and stored exclusively in EU regions (Frankfurt, Ireland). Contact us for a Data Processing Agreement (DPA).
Data Deletion
Account deletion triggers immediate soft-delete and hard purge within 30 days. OAuth token revocation is immediate. GDPR right-to-erasure requests fulfilled within 72 hours.
DPA / Data Agreements
Standard Data Processing Agreement available. GDPR-compliant SCCs (Standard Contractual Clauses) provided for EU-US transfers. Contact [email protected].
Subprocessors: ThetaZero uses the following subprocessors: Neon (database), Cloudflare (CDN/R2), Anthropic (AI model inference), Render (application hosting). Full subprocessor list available on request.
SOC 2 Readiness
Honest status, timeline, and existing controls mapped to Trust Service Criteria
ThetaZero does not yet hold a SOC 2 Type II certification. We are building toward it deliberately — below is an honest summary of where we are, what controls are already in place, and our target timeline.
✓
Completed — Q1 2026
Security Foundations
Encryption at rest + transit, JWT auth, parameterized queries, CSRF protection, multi-tenant isolation, audit log infrastructure, AES-256-GCM token storage all in production.
✓
Completed — Q1 2026
Tamper-Evident Audit Trail
AuditChain Merkle hashing live — all agent executions produce tamper-evident, cryptographically verifiable audit records. Exceeds typical SOC 2 log integrity requirements.
→
In Progress — Q2 2026
Penetration Testing & Gap Assessment
Third-party pentest engagement scheduled. Gap analysis against SOC 2 Trust Service Criteria (Security, Availability, Confidentiality). Results and remediation plan to be published.
4
Target — Q3 2026
SOC 2 Type I Readiness
Formal policy documentation, vendor risk management program, incident response plan, and access review processes in place. Engage CPA firm for Type I audit.
5
Target — Q1 2027
SOC 2 Type II Certification
12-month observation period complete. SOC 2 Type II report issued by independent auditor. Report available to enterprise customers under NDA.
Existing Controls Mapped to SOC 2 Trust Service Criteria
- CC6.1 — Logical access security: JWT auth, SHA-256 hashed API keys, OAuth scoped to minimum permissions, multi-tenant row-level isolation
- CC6.7 — Transmission encryption: TLS 1.2+ on all connections, HSTS headers, no HTTP endpoints
- CC7.2 — System monitoring: Application health endpoints, error tracking, execution log streaming, real-time cost monitoring
- CC8.1 — Change management: All changes via pull requests with review, CI/CD pipeline with lint and test gates, feature branch workflow, no direct commits to main
- A1.1 — Availability monitoring: Render uptime monitoring, auto-recovery on crash, database connection pooling with failover
- CC2.2 — Risk assessment program: Formal risk register in progress — scheduled Q2 2026
- CC1.1 — COSO framework / organizational controls: Security policies being documented Q2 2026
Enterprise customers requiring SOC 2 evidence ahead of certification can request our Security Questionnaire response and current controls documentation. Contact [email protected].
Download Trust Pack
Share this document with your legal, risk, or InfoSec team
ThetaZero Trust Pack — April 2026
This page is formatted for print-to-PDF. Use your browser's Print function (Cmd/Ctrl + P → Save as PDF) to generate a clean PDF copy suitable for sharing internally with compliance, legal, or risk teams.
Last Updated
April 8, 2026
Next Review
July 2026 (quarterly cadence)
Security Contact
Legal / DPA Requests
Talk to Our Security Team
Have questions not answered here? We respond to enterprise security reviews within 2 business days.