Trust

Security

Seed organisms act on your behalf — accessing your APIs, sending messages, executing code. We take that responsibility seriously.

  • Data encryption

    • All data encrypted at rest with AES-256
    • TLS 1.3 for all data in transit
    • LLM API keys stored with envelope encryption
    • Memory databases isolated per account with unique encryption keys

  • Infrastructure

    • Hosted on Railway with SOC 2 Type II compliance
    • Organism containers isolated in separate namespaces
    • No shared memory or filesystem between organisms
    • Automated vulnerability scanning on every deploy

  • Access control

    • Role-based access control (Owner, Admin, Member)
    • API keys scoped to account, not individual users
    • Audit logs for all administrative actions (Redwood plan)
    • SSO support via SAML and OIDC (Redwood plan)

  • Responsible disclosure

    • Security vulnerabilities: security@seed.dev
    • We respond within 24 hours
    • We follow coordinated disclosure (90-day window)
    • Bug bounty program coming soon