Security Architecture

Built for European Data Sovereignty

A complete view of our infrastructure, data flows, and security controls — designed for CTO and CISO review.

Enterprise Architecture

End-to-end data flow from user authentication to AI processing — all within European infrastructure.

[Architecture diagram. Labels, in order:]
  • Users: Web Browser, HTTPS / TLS 1.3
  • SSO Providers: SAML / Azure AD, Google Workspace, Microsoft / SURFconext
  • EU Infrastructure: Next.js API Layer (Vercel Edge + Server Routes), Firebase Auth (4 providers + SSO), RBAC Engine (Owner / Admin / Member), Firestore eur3 (Multi-region EU), Audit Logs (TTL: 30d / 1yr, Encrypted)
  • Stripe: Payments (SCCs)
  • Sentry APM: PII scrubbing
  • AI Processing: Azure Sweden Central; GPT OSS 120B, DeepSeek V3.2 Speciale, Mistral Large 3, Llama 4 Maverick; Zero conversation storage, Auto-deleted on tab close
  • Legend: Encrypted data flow (TLS 1.3); EU-only infrastructure boundary; Auto-deleted data (zero retention)

Infrastructure Stack

Every layer of the stack is designed for security, compliance, and European data residency.

Frontend
  • Vercel edge network
  • Next.js 15 with React
  • TypeScript + Tailwind CSS
Authentication
  • Firebase Auth (4 providers + SAML SSO)
  • AES-256-GCM token encryption
  • Session timeout enforcement
Database
  • Firestore eur3 (multi-region EU)
  • Encrypted at rest (AES-256)
  • Automatic backups
AI Processing
  • Azure Sweden Central
  • 4 open-source models
  • Smart load balancing
Payments
  • Stripe with SCCs in place
  • PCI DSS Level 1 compliant
  • No card data on our servers
Monitoring
  • Sentry APM
  • PII scrubbing enabled
  • Real-time error tracking

Security Controls

Enterprise-grade security features built into every layer of the platform.

SSO / SAML
Enterprise identity provider integration with Azure AD, Okta, and Google Workspace
RBAC
Three-tier roles: Owner, Admin, Member with granular permissions
Audit Logging
Complete activity trail with configurable TTL (30 days / 1 year)
API Key Auth
SHA-256 hashed keys with CIDR allowlists and rate limiting
Session Timeout
30-minute admin session timeout with automatic re-authentication
Rate Limiting
Per-endpoint rate limits to prevent abuse and ensure availability
CSP + HSTS
Content Security Policy headers and HTTP Strict Transport Security
Fraud Prevention
Device fingerprinting and payment method verification
GDPR Consent Gating
Mandatory consent before data processing with granular controls
Data Export (DSAR)
Full data export endpoint for Data Subject Access Requests
Account Deletion
Complete data erasure including all organization data
Incident Response
Documented runbook with GDPR 72-hour breach notification process

Compliance Status

Our current compliance posture across key frameworks.

GDPR

Compliant
  • Consent gating before data processing
  • DSAR export endpoint
  • EU data residency (Firestore eur3)
  • 72-hour breach notification process

SOC 2

In Progress
  • 79% of controls implemented
  • Trust Services Criteria mapped
  • Audit preparation underway
  • Target: Type I report

ISO 27001

Planned
  • Roadmap item for certification
  • Gap analysis scheduled
  • ISMS framework selection
  • Building on SOC 2 controls

Ready for Enterprise Evaluation?

Review our GDPR compliance fact sheet or speak with our team about your security requirements.