Security & Compliance

Enterprise-grade security is at the core of everything we build. Your data protection is our top priority.

Security Features

End-to-End Encryption

All data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256.

API Key Authentication

Secure API key authentication with hashed storage. Keys are shown only once at creation.

Role-Based Access Control

Granular permissions with admin, manager, and user roles to control access to sensitive operations.

Audit Logging

Complete audit trail of all actions including server approvals, policy changes, and user activities.

Data Isolation

Multi-tenant architecture with strict data isolation between organizations.

Edge Security

Deployed on Cloudflare's global network with DDoS protection and WAF.

Compliance Certifications

SOC 2 Type II

Annual audit of security, availability, and confidentiality controls.

Certified

GDPR

Full compliance with EU data protection regulations.

Compliant

HIPAA

Ready for healthcare workloads with BAA available.

Ready

ISO 27001

Information security management system certification.

Certified

Our Security Practices

Secure Development

  • Code review required for all changes
  • Automated security scanning in CI/CD
  • Dependency vulnerability monitoring
  • Regular penetration testing

Infrastructure Security

  • Zero-trust network architecture
  • Automated security patching
  • Infrastructure as code
  • Immutable deployments

Operational Security

  • 24/7 security monitoring
  • Incident response procedures
  • Regular security training
  • Background checks for employees

How We Handle Your Data

What We Collect

  • MCP server metadata (name, command, arguments)
  • Agent system metrics (hostname, OS, memory)
  • Network connection information for risk scoring
  • User account and organization data

What We Never Collect

  • MCP server conversation content or payloads
  • Credentials or API keys from discovered servers
  • File contents or database data
  • Personal data from your users or customers

Responsible Disclosure

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly to our security team. We appreciate your help in keeping Aliion secure.

Report security vulnerabilities to:

security@aliion.com

Have Security Questions?

Our security team is available to answer questions and provide additional documentation for your security review process.

Contact Security Team