Security & Trust: Our Unbreakable Foundation
At AgenticSQL, security is not an afterthought; it is our architecture's cornerstone. We built our platform from the ground up on the world's most secure and compliant cloud infrastructure, leveraging battle-tested principles to protect your data at every layer. Your trust is our most important asset.
Your Fortress: Network & Data Isolation
Every database you deploy with AgenticSQL lives inside its own Isolated Private Network (VPC). By default, it has no public internet exposure. Communication between your application and your database is secured, but the database itself is shielded from the outside world. This is the gold standard for enterprise-grade network security, enabled for you with zero configuration.
- Private Network by Default (VPC)
Each database operates in its own isolated virtual private cloud, completely separated from other tenants and the public internet.
- Strict Firewall Rules
Network access is controlled by enterprise-grade firewall policies that only allow authorized connections from your applications.
- No Public IP Addresses Assigned to Databases
Your database is not directly accessible from the internet. All connections are routed through secure, private channels.
The Gatekeepers: Authentication & Access Control
We don't rely on static, long-lived database passwords that can be leaked. Our system is built on a modern, Role-Based Access Control (IAM) model. When you connect, you are granted temporary, short-lived credentials with the principle of least privilege. For our automated CLI workflow, we use revocable API Keys, ensuring your terminal access is always under your control.
- Short-Lived, Dynamic Credentials
Database credentials are generated on-demand and automatically expire, reducing the risk of credential theft.
- Principle of Least Privilege
Every connection is granted only the minimum permissions required to perform its intended function—nothing more.
- Revocable API Keys for CLI Automation
Your CLI API Key can be instantly revoked from the dashboard, immediately terminating all automated access.
The Vault: End-to-End Encryption
Your data is encrypted at every stage, no exceptions.
Encryption in Transit
All communication between your application, our platform, and your database is encrypted using industry-standard TLS 1.2+. Data never travels in plaintext across the network.
Encryption at Rest
Your database's underlying storage and all automated backups are encrypted by default using the AES-256 algorithm, one of the strongest block ciphers available.
The Foundation: World-Class Infrastructure
Our entire platform is built and managed on Amazon Web Services (AWS), the industry leader in secure cloud computing. This allows us to inherit a security posture that is compliant with the most stringent global standards.
- Powered by AWS Infrastructure
We leverage AWS's multi-trillion-dollar investment in security, reliability, and global infrastructure.
- SOC 2, ISO/IEC 27001, and PCI DSS Compliant Data Centers
Your data resides in facilities that meet the highest industry standards for security and compliance.
- 99.9% Uptime SLA for Core Services
Our infrastructure is designed for reliability, with redundancy and failover mechanisms built into every layer.
Your Responsibilities
While we secure the infrastructure, you control access to your applications. Follow these best practices:
- •Store connection strings securely. Use environment variables, never commit them to version control.
- •Rotate CLI API Keys regularly. Treat them like passwords—revoke and regenerate if compromised.
- •Use read-only connections when possible. Grant write access only to services that need it.
- •Monitor your database activity. Use the dashboard's monitoring features to detect unusual patterns.
Security is Not Negotiable
We don't compromise on security. Every decision we make—from network architecture to credential management—is designed to protect your data. You focus on building. We focus on keeping your foundation unbreakable.