Trust Center · Last updated 2026-04-28

The security posture behind the MCP firewall.

ShieldAgent sits between your AI agents and every tool they touch. We hold ourselves to the same standard we apply to your traffic: documented controls, verifiable audit evidence, and no claim we cannot defend in an enterprise review. This page is the single source of truth for how we run.

Regulatory alignment

Where we stand against every framework buyers ask about.

We publish an honest view of each framework: where we are aligned, where certification is in flight, and which specific controls or articles we can evidence today. No green ticks for audits we have not completed.

EU AI Act

Aligned

Enforcement: 2 August 2026

Obligations that attach to high-risk systems (the Annex III use cases) are supported through Annex IV technical documentation generated from your audit trail, continuous risk management, event logging, and post-market monitoring.

  • Annex IV — 8 mandatory sections generated from live telemetry
  • Article 9 — continuous risk management via the risk engine
  • Article 12 — automatic event logging with hash-chain integrity
  • Article 14 — human-oversight evidence captured per interaction
  • Article 72 — post-market monitoring plan, incident reports, and metrics
ISO/IEC 42001

Aligned

AI Management System requirements mapped to ShieldAgent controls. Policy framework, risk assessment procedures, and evaluation evidence aligned to the standard.

  • Clause 6 — AI risk assessment and treatment
  • Clause 8 — AI system operations controls
  • Clause 9 — performance evaluation (metrics, internal audit)
  • Clause 10 — continual improvement (incident learnings → policy updates)
NIST AI RMF

Aligned

Govern, Map, Measure, and Manage functions mapped to the proxy controls, audit trail, and risk-scoring system.

  • GOVERN — policy and accountability structure
  • MAP — AI risk identification and categorisation
  • MEASURE — quantified risk via risk scores and anomaly detection
  • MANAGE — active mitigation via inline blocking and alerting
SOC 2

Type II — audit in progress

Trust Services Criteria are implemented in-product with continuous evidence collection via the Merkle-tree audit trail. Third-party attestation report is pending auditor sign-off.

  • CC6 — logical and physical access controls
  • CC7 — system operations monitoring
  • CC8 — change management evidence
  • A1 — availability monitoring and SLA tracking
Controls listed are implemented in-product; independent attestation is not yet issued.

Note on SOC 2 · Our SOC 2 Type II audit is in flight. Trust Services Criteria are implemented and continuously evidenced; the third-party attestation report will be made available under NDA to prospective customers as soon as it is issued.

Data handling & retention

What we collect, where it lives, and how long we keep it.

Residency

EU-first

Managed SaaS runs in EU-region infrastructure; regional options available for Business-tier customers. BYOC (Bring Your Own Cloud) deploys entirely inside your own AWS account — no customer data transits our infrastructure.

Encryption

TLS 1.3 · AES-256

TLS 1.3 in transit; AES-256 at rest. Per-tenant keys isolate encrypted audit storage. Audit-signing and integrity keys are not yet hardware-backed; they are planned to move behind a hardware-backed KMS before GA for regulated workloads.

Audit integrity

Merkle-tree chain

Every audit event is hashed with SHA-256 and linked to the event before it, and the event hashes are committed to a Merkle tree. Continuous chain-verification jobs detect modification of recorded events and gaps in the recorded sequence; like any hash chain, it cannot attest to events that were never recorded. Exports ship with a signed manifest so downstream verifiers can replay the proof independently of ShieldAgent.

DLP at capture

13 PII classes

Data Loss Prevention redacts EU PII classes before events are persisted, reducing the blast radius of any downstream incident and supporting GDPR data minimisation (Art. 5(1)(c)).
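The following Python is an added example covering the two entries above (audit integrity and DLP at capture); it is not ShieldAgent's code, and the page does not publish its event schema, tree shape, PII classes or signature scheme. It shows the order that matters on the capture path (redact, then hash, so the chain never commits to raw PII), a per-event hash chain, a Merkle root and event count bound into an export manifest, and a verifier that distinguishes a modified event, an event deleted from the middle (gap) and a truncated tail. The two PII patterns, the RFC 6962-style tree and the HMAC are assumptions; the HMAC is a shared-secret stand-in for the asymmetric signature a third-party verifier would actually check with only a public key.

```python
"""Hash-chained audit log with redact-at-capture, a Merkle root and a signed export manifest (illustrative)."""
import hashlib
import hmac
import json
import re

GENESIS = "0" * 64  # prev-hash of the first event
# Illustrative PII classes only (assumption); the page does not enumerate its 13 classes.
PII_PATTERNS = {"EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
                "IBAN": re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,4})?\b")}

def redact(text: str) -> str:  # replace each PII match with its class label
    for label, pattern in PII_PATTERNS.items():
        text = pattern.sub(f"[REDACTED:{label}]", text)
    return text

def canonical(obj) -> bytes:  # deterministic JSON so equal events hash equally
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def append_event(chain: list, payload: dict) -> dict:
    """Redact first, then hash: the chain must never commit to raw PII."""
    clean = {k: redact(v) if isinstance(v, str) else v for k, v in payload.items()}
    event = {"seq": len(chain), "prev": chain[-1]["hash"] if chain else GENESIS, "payload": clean}
    event["hash"] = sha256_hex(canonical(event))  # covers seq, prev and the redacted payload
    chain.append(event)
    return event

def verify_chain(chain: list) -> tuple[bool, list[str]]:
    """Detect modified events, broken links and gaps; cannot see events cut from the tail."""
    problems, prev = [], GENESIS
    for expected_seq, event in enumerate(chain):
        if event["seq"] != expected_seq:
            problems.append(f"gap: expected seq {expected_seq}, found {event['seq']}")
        if event["prev"] != prev:
            problems.append(f"broken link at seq {event['seq']}")
        body = {k: v for k, v in event.items() if k != "hash"}
        if sha256_hex(canonical(body)) != event["hash"]:
            problems.append(f"tampered event at seq {event['seq']}")
        prev = event["hash"]
    return (not problems, problems)

def merkle_root(leaf_hashes: list[str]) -> str:
    """RFC 6962-style root (assumed shape): split at the largest power of two below n."""
    def node(leaves: list[bytes]) -> bytes:
        if len(leaves) == 1:
            return hashlib.sha256(b"\x00" + leaves[0]).digest()
        k = 1 << ((len(leaves) - 1).bit_length() - 1)
        return hashlib.sha256(b"\x01" + node(leaves[:k]) + node(leaves[k:])).digest()
    return node([bytes.fromhex(h) for h in leaf_hashes]).hex() if leaf_hashes else sha256_hex(b"")

def export_manifest(chain: list, key: bytes) -> dict:
    """Bind event count, head hash and Merkle root, then authenticate the binding (HMAC stand-in)."""
    manifest = {"count": len(chain), "head": chain[-1]["hash"] if chain else GENESIS,
                "merkle_root": merkle_root([e["hash"] for e in chain])}
    manifest["sig"] = hmac.new(key, canonical(manifest), "sha256").hexdigest()
    return manifest

def verify_export(chain: list, manifest: dict, key: bytes) -> tuple[bool, list[str]]:
    """Independent replay: authenticate the manifest, then check the chain against it."""
    unsigned = {k: v for k, v in manifest.items() if k != "sig"}
    expected = hmac.new(key, canonical(unsigned), "sha256").hexdigest()
    if not hmac.compare_digest(expected, manifest["sig"]):
        return (False, ["manifest signature invalid"])
    _, problems = verify_chain(chain)
    if len(chain) != manifest["count"]:
        problems.append(f"truncated: manifest lists {manifest['count']} events, export has {len(chain)}")
    if merkle_root([e["hash"] for e in chain]) != manifest["merkle_root"]:
        problems.append("merkle root mismatch")
    return (not problems, problems)

def demo() -> dict[str, bool]:
    key = b"demo-manifest-key"  # constructed; a real export would use an asymmetric key pair
    chain: list = []  # constructed sample events follow
    append_event(chain, {"tool": "crm.lookup", "arg": "ana@example.org"})
    append_event(chain, {"tool": "payments.refund", "arg": "IBAN DE89 3704 0044 0532 0130 00"})
    append_event(chain, {"tool": "search", "arg": "quarterly numbers"})
    manifest = export_manifest(chain, key)
    tampered = json.loads(json.dumps(chain))
    tampered[1]["payload"]["tool"] = "payments.transfer"  # edit a stored event in place
    gapped = [chain[0], chain[2]]                           # delete an event from the middle
    truncated = chain[:2]                                   # delete the newest event
    forged = dict(manifest, count=2)                        # restate the count without the key
    return {
        "pii_redacted": b"ana@example.org" not in canonical(chain) and b"DE89" not in canonical(chain),
        "intact_export_ok": verify_export(chain, manifest, key)[0],
        "tamper_detected": not verify_chain(tampered)[0],
        "gap_detected": not verify_chain(gapped)[0],
        "truncation_passes_chain_check": verify_chain(truncated)[0],
        "truncation_caught_by_manifest": not verify_export(truncated, manifest, key)[0],
        "forged_manifest_rejected": not verify_export(truncated, forged, key)[0],
    }

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of the last three checks is that a hash chain alone is silent about a truncated tail; only the signed manifest, which binds the event count and root, turns deletion of the newest events into a detectable failure. That is why the manifest, and not just the chain, has to be what a customer's verification tooling checks.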

Retention

Tiered · customer-owned archive

Retention is tiered and configurable.

  • Business (SaaS): 1 year online, plus continuous signed export to your cloud bucket (S3 / Blob / GCS). You hold the 10-year archive; we supply the manifest and verification tooling.
  • Enterprise Cloud (SaaS dedicated): 1 year online + 4 years warm query, with an optional 10-year archive hosted by ShieldAgent as an add-on.
  • Enterprise On-Prem: fully customer-controlled; the default configuration meets the 10-year window of EU AI Act Article 18.
  • Compliance snapshots (Annex IV PDFs, SOC 2 / ISO reports): held by ShieldAgent for 10 years on every tier at no additional cost.

Article 18 places the 10-year obligation to keep technical documentation and related records on the provider of a high-risk AI system. ShieldAgent is the tooling that produces and preserves that documentation; the statutory obligation sits with you as provider. Retention policy last reviewed 2026-04-16; tier-specific windows ratified at the 2026-04-28 board review.

Multi-tenancy

Isolated · per-tenant keys

Row-level security (RLS) is enforced at the database layer on every multi-tenant table. Keys, policies, and audit streams are scoped by tenant and are never cross-readable.

Processor role under GDPR

ShieldAgent acts as a data processor (Art. 4(8) GDPR). You remain the controller and determine the purposes and means of processing. A Data Processing Agreement under Article 28 is available for every customer; Standard Contractual Clauses are applied for any transfer outside the EEA. Breach notification to controllers is delivered without undue delay under Art. 33(2).

Two-factor authentication

2FA enforcement is available today via the management API only. Dashboard-level 2FA configuration is on the roadmap for general availability. Enterprise customers who require 2FA enforcement ahead of the dashboard release can apply it programmatically — contact security@shieldagent.io for implementation guidance.

Sub-processors

The third parties we rely on — categorised, regionalised, and scoped.

For every category below we publish the region and the data categories processed. Specific vendor names for the managed SaaS are confirmed at general availability; BYOC customers have no ShieldAgent-managed sub-processor in the data path because the workload runs entirely inside their own cloud account.

Purpose | Category | Vendor | Region | Data categories | Status
Cloud hosting (managed SaaS) | Infrastructure | EU-region cloud provider — name published at GA | EU (Frankfurt or Paris) | Audit events, policy configuration, account metadata | Planned · GA
Managed PostgreSQL | Data storage | Published with hosting vendor at GA | EU | Tenant data, audit chain, compliance evidence | Planned · GA
Managed Redis | Cache & session | Published with hosting vendor at GA | EU | Short-lived tokens, rate-limit counters, in-flight distributed locks | Planned · GA
Transactional email | Notifications | EU-based transactional email provider — name published at GA | EU | Account contact email, security alert recipients | Planned · GA
Observability (logs, metrics, traces) | Operations | Self-hosted Grafana / Prometheus / Loki today | EU | Service telemetry; redacted at source for PII and secrets | In use
BYOC customers | Deployment | No ShieldAgent sub-processor — workload runs in your AWS account | Your AWS region | All customer data stays inside your VPC | In use

Sub-processor changes are notified to affected customers at least 30 days before they take effect. Email privacy@shieldagent.io to subscribe to sub-processor change notices or to object to a new sub-processor under Art. 28(2) GDPR.

Incident response

Severity-classified playbooks with published SLAs.

Every security event is triaged against a documented playbook covering prompt injection, data-leak / PII exfiltration, and agent spoofing / credential compromise. Severity determines response time. Where personal data is affected, we notify the affected controllers without undue delay under GDPR Art. 33(2), so that they can meet their own 72-hour deadline to the supervisory authority under Art. 33(1).

P1 — Critical

Confirmed security bypass, active data exfiltration, or a control-plane outage affecting multiple tenants.

Ack within 15 minutes · 24/7

P2 — High

Blocked-but-novel attack pattern, injection clustering, or degraded SLA with customer-visible impact.

Ack within 1 hour · business hours accelerated

P3 — Medium

Shadow-mode detection of a medium-severity threat, or a single-event high-severity block warranting review.

Ack within 4 hours

P4 — Low

Informational signals, minor detections, or low-severity configuration issues.

Next business day

Security contact

security@shieldagent.io

Production security incidents, suspected compromise of a customer tenant, or urgent patch coordination. Monitored 24/7 for P1 events.

Privacy & data-subject requests

privacy@shieldagent.io

GDPR data-subject access / erasure requests, DPA requests, and sub-processor change notifications.

Responsible disclosure

Researchers: we want to hear from you.

ShieldAgent follows a coordinated disclosure model. If you have found a vulnerability — in the proxy, the API, the dashboard, or any of our public repositories — report it to security@shieldagent.io. We will acknowledge within one business day and agree a remediation timeline with you.

How to report

Email security@shieldagent.io with a reproduction, impact analysis, and any supporting artefacts. If the issue is sensitive, request our PGP key in the same message and we will provide it before you send details.

Safe harbour

Good-faith security research that (a) does not access, alter, or destroy data belonging to other customers, (b) does not degrade our services, and (c) respects a 90-day disclosure window from first contact is authorised. We will not pursue legal action against researchers who comply with these terms.

Out of scope

Findings that require social engineering of our staff, denial-of-service against production, or access to third-party systems we do not operate are out of scope. Missing security headers without demonstrable impact, and rate-limit absence on endpoints that are themselves rate-limit-aware, are informational and non-rewarded.

A formal bug bounty programme will launch alongside general availability of the managed SaaS. Until then, material findings are rewarded at the discretion of the CISO.

Legal entity

ShieldAgent, S.L.

Registered in Andorra 🇦🇩

Brand

ShieldAgent

The MCP firewall for AI agents

Page updated

2026-04-28

Reviewed after each sprint