Security

Built like it matters.

Trust is our product, so security isn't a page we wrote for procurement. This is how every Veryl environment is actually put together, in plain language.

The environment

Yours alone, closed by default.

Isolation between organizations

Every organization's data is strictly separated: access is scoped to your org on every request, and there is no cross-organization path to agents, knowledge, or records. Private and Dedicated plans add single-tenant infrastructure with dedicated storage on AWS or Azure.

Encrypted at rest

Signing keys and credentials are encrypted under a master key unique to your environment. An environment refuses to start without one: it fails closed, never open.

Everything off until enabled

Integrations, channels, and connectors start disabled. Each one is turned on deliberately, by your admin, and can be revoked one grant at a time.

The record

Nothing happens off the books.

Append-only audit

Every invocation, review, export, and permission change lands in a tamper-evident, append-only log. Once written, an entry is permanent; not even an admin can change it.

Attributed actions

Every agent turn records who asked, from which surface, at what time. There is no anonymous path to an agent: API callers hold scoped credentials, and assistant users grant individual consent.

Signed exports

Anything that leaves the environment carries a signature: Passports verify against published keys, and exports are signed on the way out so tampering shows.

The controls

People stay in charge.

Separation of duties

Builders create, reviewers sign off, admins govern, collaborators use. The roles are enforced by the system, not by convention, and no single role can both write and approve.

Human approval gates

The consequential actions wait for a person: sending an email, advancing a workflow past a gate, granting an agent a new tool. Deletes in connected mailboxes are always reversible moves, never permanent.

One-action quarantine

Quarantining an agent blocks it everywhere at once: every room, workflow, channel, and integration answers with the block notice on the next message.

Fails closed, never open

Agents run inside Veryl, so there is no ungoverned fallback path. If any part of the system can't check an agent's verification, the agent waits; it never acts unchecked. The same rule holds at every layer, down to encryption keys.

Data minimization built in

Personal information is detected and redacted when documents are ingested. Agent memory keeps scrubbed one-line summaries, never raw transcripts, with retention you control per source.

Paperwork & disclosure

Ask us anything, tell us everything.

Formal certifications

We won't claim badges we don't hold, so here is where things stand. HIPAA support with a signed BAA and SOC 1 are available at launch, on every plan; security is never an upsell here. SOC 2 Type II is planned and in progress, not complete. Ask where the audit work stands and you'll get a straight answer and a timeline, in writing.

Security reviews

Bring your questionnaire. We answer security reviews live, with the architecture on screen, and put the answers in writing afterward. Start with the Passport design and threat model.

Found a vulnerability?

Write to info@veryl.ai (also published at /.well-known/security.txt). We read every report, respond quickly, and credit researchers who want it.