Security & Compliance

We're building enterprise-grade security into VeilKey from the ground up. Your data protection is our priority.

Security Features

End-to-End Encryption

All data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256.

API Key Authentication

Secure API key authentication with hashed storage. Keys are shown only once at creation.

Role-Based Access Control

Granular permissions with admin, manager, and user roles to control access to sensitive operations.

Audit Logging

Complete audit trail of all actions including server approvals, policy changes, and user activities.

Data Isolation

Multi-tenant architecture with strict data isolation between organizations.

Compliance Journey

We're actively working toward industry compliance certifications. Here's where we are in our journey.

SOC 2 Type II

Working toward SOC 2 Type II certification for security controls.

In Progress

GDPR

Building EU data protection compliance into our architecture.

In Progress

HIPAA

Developing healthcare data security features.

In Progress

ISO 27001

Implementing information security management practices.

In Progress

ISO 42001

Building toward AI management system certification.

In Progress

Our Security Practices

These are the security practices we're implementing and following as we build VeilKey.

Secure Development

  • Code review required for all changes
  • Automated security scanning in CI/CD
  • Dependency vulnerability monitoring
  • Regular penetration testing

Infrastructure Security

  • Zero-trust network architecture
  • Automated security patching
  • Infrastructure as code
  • Immutable deployments

Operational Security

  • 24/7 security monitoring
  • Incident response procedures
  • Regular security training
  • Background checks for employees

How We Handle Your Data

What We Collect

  • MCP server metadata (name, command, arguments)
  • Agent system metrics (hostname, OS, memory)
  • Network connection information for risk scoring
  • User account and organization data

What We Never Collect

  • MCP server conversation content or payloads
  • Credentials or API keys from discovered servers
  • File contents or database data
  • Personal data from your users or customers

Responsible Disclosure

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly to our security team. We appreciate your help in keeping VeilKey secure.

Report security vulnerabilities to:

security@aliion.com

Have Security Questions?

Our team is available to answer questions and provide additional documentation for your security review process.
