Security & Compliance
AgentWatch is designed with enterprise security requirements in mind. This page covers our security architecture, data handling practices, and compliance posture.
Core Security Principles
Prompt Content Never Stored
AgentWatch's primary security promise: prompt content is never stored persistently.
The data flow:
- SDK extracts text from messages for local PII scanning only
- PII scanner returns risk tags (e.g., PII_EMAIL), not the content itself
- Only token counts, model names, and risk tags are logged to Supabase
- Raw prompt text exists transiently in memory and is discarded
Tenant Isolation
All data is isolated by tenant at every layer:
- KV keys: Namespaced as t:{tenantId}:s:{sessionId}:*
- Database: Row Level Security enabled on all tables
- Authentication: Tenant ID extracted from token, never from client headers
- Rate limiting: Per-tenant limits, not global
Timing-Safe Authentication
Token comparison uses crypto.subtle.timingSafeEqual to prevent timing attacks. Response time is identical for valid and invalid tokens.
SOC 2 CC6.1 Compliance
AgentWatch implements controls aligned with SOC 2 CC6.1 (Logical and Physical Access Controls):
| Control | Implementation |
|---|---|
| Logical access controls | Bearer token authentication on all endpoints |
| Authentication mechanism | Timing-safe token comparison, KV + static map dual lookup |
| Tenant isolation | KV namespace prefix t:{tenantId}: prevents cross-tenant access |
| Encryption in transit | HTTPS via Cloudflare edge, TLS to Supabase |
| Encryption at rest | Cloudflare KV and Supabase encrypt data at rest |
| Audit logging | auth_events (SSO), api_access_log (API calls), llm_request_logs (telemetry) |
| Data retention | 90-day telemetry, 1-year auth logs, automated purge via pg_cron |
| Least privilege | SECURITY DEFINER on purge functions, service_role-only RLS policies |
| Data classification | All tables tagged CONFIDENTIAL or INTERNAL |
Data Retention
| Data Type | Retention | Auto-Purge |
|---|---|---|
| Telemetry logs | 90 days | pg_cron daily |
| Auth audit logs | 1 year | pg_cron daily |
| API access logs | 90 days | pg_cron daily |
| Session state (KV) | 24 hours | KV TTL |
| Compliance reports | Indefinite | Manual |
Input Validation
All endpoints validate:
- Payload size: Maximum 1MB for ingest requests
- Numeric fields: Must be finite, non-negative integers
- String lengths: Truncated to prevent abuse
- Session IDs: Sanitized to prevent path traversal
- JSON format: Rejected if malformed
Secrets Management
- API keys stored as Cloudflare Worker secrets (encrypted at rest)
- TENANT_TOKEN_MAP is a Worker secret, not in source code
- Supabase service role key is a Worker secret
- No secrets are logged or exposed in error messages
Security Contact
For security vulnerabilities, contact: mohil.sharma@agent-watch.dev