Security & Trust

Your data stays yours. Always.

Harnyss is built on a BYOK-first architecture. We don't have access to your model traffic, your API keys are never stored, and your data is never used to train anything.

All systems operational

Architecture

How BYOK works

Your workspace

Harnyss platform

→

Your API key

Never stored by Harnyss

→

LLM provider

OpenAI · Anthropic · etc.

LLM calls travel directly from your agent runtime to your provider. Harnyss orchestrates the workflow but never proxies or stores your model traffic.

Controls

Security by default

Live

BYOK architecture

Your API keys never touch our servers permanently. LLM calls go directly from your agent runtime to your chosen provider — OpenAI, Anthropic, or compatible. We have zero access to your model traffic.

Live

Encryption at rest & in transit

All data is encrypted at rest with AES-256. All traffic is encrypted in transit via TLS 1.3. Agent memory, task logs, and workflow configs are isolated per workspace.

Live

Full audit trail

Every agent action, decision, approval, and tool call is logged with full provenance — agent ID, timestamp, cost, input, output. You can query, export, or replay any event.

Live

No model training on your data

Your data is never used to train any model — ours or third-party. Workspace data is logically isolated. We make this a contractual guarantee, not a preference setting.

Live

Role-based access control

Granular RBAC across every workspace. Control who can create workflows, approve agent actions, view audit logs, and manage integrations — down to the individual agent level.

In progress

SOC 2 Type II

We are actively pursuing SOC 2 Type II certification. Our controls, policies, and audit processes are designed to meet the standard. Expected completion Q3 2026.

Security questions?

We're happy to share our security documentation, answer specific questions, or schedule a technical review with your security team.

Contact security team