Built for serious workloads.
Honest about what ships today, transparent about what's in flight.
Isolation
Each workspace runs in its own logical tenant. Rooms can be further pinned to a dedicated runtime pool.
Encryption
TLS 1.3 in transit. AES-256 at rest. Runtime API keys are stored encrypted and scoped per workspace.
Audit
Every action — agent run, artifact write, access change — is recorded with operator, timestamp, and source.
Compliance
SOC 2 Type I — not yet engaged. Self-hosted deployments give you full control of your data via docs/HETZNER_DEPLOYMENT.md. Self-hosted deployments in EU and US via Hetzner Cloud (see Hetzner runbook).
Self-host
Run Agentarium in your VPC if you can't send data to a managed cloud. Same control plane, your perimeter.
Disclosure
Found something? Email security@agentarium.dev. We respond within one business day.