Last updated: April 11, 2026

Security Policy

Program

AutonomyX operates AgentNxt with administrative access controls, encrypted transport, centralized routing, service monitoring, logging, backup planning, vulnerability management, and least-privilege operational practices.

SOC 2 Alignment

The platform is designed to align with SOC 2 Trust Services Criteria for security, availability, confidentiality, processing integrity, and privacy. Formal SOC 2 audit status, report availability, bridge letters, and exceptions are provided through customer due-diligence channels when applicable.

Controls

Installed controls include identity services, secret management, policy enforcement, mail services, observability, uptime checks, error tracking, infrastructure metrics, and application logs. Security boundaries depend on the customer deployment, enabled integrations, and administrator configuration.

Incident Response

Security incidents are triaged by severity, containment need, customer impact, legal obligation, and evidence availability. Customers will be notified of confirmed incidents involving their data according to contractual, GDPR, India DPDP Act, and other applicable legal requirements.

Customer Duties

Customers must manage authorized users, API keys, model provider credentials, sensitive data policies, endpoint security, identity provider settings, and backup/export requirements for their organization.