Skip to content
EISBERG
Security & compliance

Enterprise-grade by architecture, not by checklist.

The security posture is a consequence of the platform's shape — not a layer painted on at the end. Customer-owned storage, policy-as-code at every boundary, audit trails by default.

Customer-owned data plane

Your data lives in your S3, your Azure Blob, your GCS — never on Eisberg infrastructure. We bring the control plane and compute. You bring the keys.

TLS 1.3 in transit, AES-256 at rest

Every byte encrypted with cloud-native KMS. BYOK supported on day one. Customer-managed keys flow through to policy decisions for context-aware masking.

Policy-as-code governance, every layer

Row-level security, column masking, action authorization, agent scoping — all expressed as code. One policy plane, every component reads from it, every decision audit-logged.

Tamper-evident audit trail

Every query, every action, every agent decision lands in an audit trail with cryptographic continuity. Survives regulator scrutiny — and our own.

Lineage that survives migrations

Open-standard lineage events emitted at every transformation. Time travel for point-in-time reproducibility. Replay any decision, any pipeline, any agent action — by ID.

Compliance modules as code

BCBS 239, SR 11-7, HIPAA, 21 CFR Part 11, FedRAMP rule packs ship as deployable modules. Audit packs generate themselves on demand.

Agent governance

Six guardrails the rest of the industry treats as optional.

Agents are about to become the primary users of every data system on earth. Most platforms are not ready for that. Ours was designed for it.

  • Per-agent identity, scoped to a workspace and a set of resources
  • Risk-graded approval gates on high-stakes actions (writes, exports, policy changes)
  • Graduated autonomy: agents earn trust through verified successful actions, never granted by default
  • Per-action metering surfaces every agent decision in the billing trail
  • Agent audit log is queryable, filterable, and exportable for regulator review
  • Hard kill switch: revoke an agent's permissions globally in one API call
Roadmap

What we are pursuing in the next 12 months.

In progress

SOC 2 Type II

In progress

ISO 27001

In progress

HIPAA BAA

In progress

FedRAMP Moderate

Need the full security package?

CISO whitepaper, threat model, agent governance specification, policy library, and audit trail schema — all available under NDA.

Request the packageArchitecture