Security & Compliance
Last Updated: June 3rd, 2025
At TrainMyAgent, security is not an add-on — it's foundational. Our AI agents are designed to meet the highest standards of data protection, compliance, and operational integrity from day one.
Deployment Architecture: Your Environment, Your Rules
- On-Prem or VPC: Deploy agents inside your firewall or in a single-tenant cloud environment provisioned exclusively for you.
- No Shared Compute: Every customer gets an isolated runtime — no commingled memory, storage, or data pipelines.
- Custom Network Configurations: Support for private subnets, bastion routing, and outbound-only traffic models.
Data Custody & Privacy
- Zero Data Retention (by default): We don’t store your data unless explicitly required for support or retraining.
- Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Data Ownership: You retain full ownership of inputs, outputs, and embeddings. We do not use your data to train global models.
- Scoped Permissions: Agents inherit your existing access controls and follow the principle of least privilege.
Compliance Alignment
TrainMyAgent can support deployment configurations aligned with:
- HIPAA – Support for data tokenization, audit logs, and PHI redaction.
- GDPR – Data residency control, right to erasure, and subject access request support.
- SOC 2 Readiness – Controls available for auditing agent performance, access, and system logs.
- ISO 27001 Principles – Alignment with structured ISMS practices in managed cloud deployments.
Operational Security
- Proactive Monitoring: All agents are monitored 24/7 for uptime, drift, and anomalies (in managed deployments).
- Access Controls: Role-based access and MFA are required for any administrative intervention.
- Patch Management: Security patches and LLM updates are tested and deployed as part of your included support.
Incident Response & Reporting
In the event of a security incident:
- You will be notified within 24 hours of confirmed unauthorized access to your agent or data.
- We will provide a full report including scope, impact, and remediation measures.
- Postmortems are logged and made available upon request (Enterprise plans).
Vendor Risk & Subprocessors
We maintain a minimal subprocessor footprint. When subprocessors (e.g., for infrastructure or storage) are used, they are held to the same security and compliance standards we uphold. A full list is available upon request.
Custom Controls & Documentation
Need to meet internal audit, procurement, or legal review requirements?
We provide:
- Risk assessments
- Architecture diagrams
- Pen test summaries (where applicable)
- Signed DPAs and SLAs
Questions or Requests?
Security reviews, audit checklists, or documentation requests can be sent to:
Why
Pricing
How it Works
Book a Call
Why
Pricing
How it Works
Security & Compliance
Last Updated: June 3rd, 2025
At TrainMyAgent, security is not an add-on — it's foundational. Our AI agents are designed to meet the highest standards of data protection, compliance, and operational integrity from day one.
Deployment Architecture: Your Environment, Your Rules
- On-Prem or VPC: Deploy agents inside your firewall or in a single-tenant cloud environment provisioned exclusively for you.
- No Shared Compute: Every customer gets an isolated runtime — no commingled memory, storage, or data pipelines.
- Custom Network Configurations: Support for private subnets, bastion routing, and outbound-only traffic models.
Data Custody & Privacy
- Zero Data Retention (by default): We don’t store your data unless explicitly required for support or retraining.
- Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Data Ownership: You retain full ownership of inputs, outputs, and embeddings. We do not use your data to train global models.
- Scoped Permissions: Agents inherit your existing access controls and follow the principle of least privilege.
Compliance Alignment
TrainMyAgent can support deployment configurations aligned with:
- HIPAA – Support for data tokenization, audit logs, and PHI redaction.
- GDPR – Data residency control, right to erasure, and subject access request support.
- SOC 2 Readiness – Controls available for auditing agent performance, access, and system logs.
- ISO 27001 Principles – Alignment with structured ISMS practices in managed cloud deployments.
Operational Security
- Proactive Monitoring: All agents are monitored 24/7 for uptime, drift, and anomalies (in managed deployments).
- Access Controls: Role-based access and MFA are required for any administrative intervention.
- Patch Management: Security patches and LLM updates are tested and deployed as part of your included support.
Incident Response & Reporting
In the event of a security incident:
- You will be notified within 24 hours of confirmed unauthorized access to your agent or data.
- We will provide a full report including scope, impact, and remediation measures.
- Postmortems are logged and made available upon request (Enterprise plans).
Vendor Risk & Subprocessors
We maintain a minimal subprocessor footprint. When subprocessors (e.g., for infrastructure or storage) are used, they are held to the same security and compliance standards we uphold. A full list is available upon request.
Custom Controls & Documentation
Need to meet internal audit, procurement, or legal review requirements?
We provide:
- Risk assessments
- Architecture diagrams
- Pen test summaries (where applicable)
- Signed DPAs and SLAs
Questions or Requests?
Security reviews, audit checklists, or documentation requests can be sent to:
Why
Pricing
How it Works
Why
Pricing
How it Works
Security & Compliance
Last Updated: June 3rd, 2025
At TrainMyAgent, security is not an add-on — it's foundational. Our AI agents are designed to meet the highest standards of data protection, compliance, and operational integrity from day one.
Deployment Architecture: Your Environment, Your Rules
- On-Prem or VPC: Deploy agents inside your firewall or in a single-tenant cloud environment provisioned exclusively for you.
- No Shared Compute: Every customer gets an isolated runtime — no commingled memory, storage, or data pipelines.
- Custom Network Configurations: Support for private subnets, bastion routing, and outbound-only traffic models.
Data Custody & Privacy
- Zero Data Retention (by default): We don’t store your data unless explicitly required for support or retraining.
- Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Data Ownership: You retain full ownership of inputs, outputs, and embeddings. We do not use your data to train global models.
- Scoped Permissions: Agents inherit your existing access controls and follow the principle of least privilege.
Compliance Alignment
TrainMyAgent can support deployment configurations aligned with:
- HIPAA – Support for data tokenization, audit logs, and PHI redaction.
- GDPR – Data residency control, right to erasure, and subject access request support.
- SOC 2 Readiness – Controls available for auditing agent performance, access, and system logs.
- ISO 27001 Principles – Alignment with structured ISMS practices in managed cloud deployments.
Operational Security
- Proactive Monitoring: All agents are monitored 24/7 for uptime, drift, and anomalies (in managed deployments).
- Access Controls: Role-based access and MFA are required for any administrative intervention.
- Patch Management: Security patches and LLM updates are tested and deployed as part of your included support.
Incident Response & Reporting
In the event of a security incident:
- You will be notified within 24 hours of confirmed unauthorized access to your agent or data.
- We will provide a full report including scope, impact, and remediation measures.
- Postmortems are logged and made available upon request (Enterprise plans).
Vendor Risk & Subprocessors
We maintain a minimal subprocessor footprint. When subprocessors (e.g., for infrastructure or storage) are used, they are held to the same security and compliance standards we uphold. A full list is available upon request.
Custom Controls & Documentation
Need to meet internal audit, procurement, or legal review requirements?
We provide:
- Risk assessments
- Architecture diagrams
- Pen test summaries (where applicable)
- Signed DPAs and SLAs
Questions or Requests?
Security reviews, audit checklists, or documentation requests can be sent to:
Why
Pricing
How it Works