OPENRIFT // SECURITY // TRUST

Built like the work
actually matters.

Agents touch your live tools. Stripe, HubSpot, GitHub, your codebase, your customers. We treat that boundary with the seriousness it deserves. Isolated workspaces. Encrypted everything. No training on your data. Confirmation before anything irreversible.

Request SOC 2 report →See the controls

// AT A GLANCE

SOC 2 Type 1Audited · 2026
SOC 2 Type 2In progress · Q3
ISO 27001In pursuit · 2026
PDPAAligned · SG
TLS1.2+ everywhere
At-restAES-256, per-workspace keys
Training on dataNever
IsolationHard tech boundary

01 / COMPLIANCE

Audited, where it counts.

SOC 2 · ISO 27001 · PDPA

SOC 2

Type 1 · 2026

SOC 2 Type 1, today.

Independent audit of our security controls — access, change management, monitoring, incident response. Report available on request under NDA.

→ Type 2 in progress · expected Q3 2026

ISO 27001

In pursuit

ISO 27001 in pursuit.

Information security management system implementation underway. Gap assessment complete, internal audit Q2 2026, certification target end of 2026.

→ Stage 1 audit scheduled · Q4 2026

PDPA

Singapore

PDPA compliant.

Aligned with Singapore Personal Data Protection Act. Data Protection Officer registered. DPIA workflow for any client engagement touching personal data.

→ Regional residency available · SG / MY / ID / TH

02 / POSTURE

How we handle your data.

In transit · at rest · in memory

Your data stays yours. We don't train on it.
We don't share it across clients.
We delete it on request.

// 01

Encryption in transit

Every connection — your browser to our edge, our agents to your tools, agents to LLMs — runs over TLS 1.2+. No plaintext on the wire, ever. HSTS enforced on all customer surfaces.

// 02

Encrypted at rest

Industry-standard AES-256 encryption on all stored data — conversation history, tool credentials, intermediate state, generated artifacts. Per-workspace encryption keys, rotated quarterly.

// 03

Workspace isolation

Hard technical boundary between client workspaces. No shared compute, no shared storage, no shared identity. An agent in workspace A cannot read, write, or even enumerate anything in workspace B. This is enforced at the infrastructure layer, not just the application.

// 04

No training on your data

We do not use your conversations, your data, or your workflows to train models. Not ours, not third-party providers. Our LLM contracts (Anthropic, OpenAI, regional) explicitly opt out of training on customer data. Full stop.

// 05

Retention + deletion

Default retention is 90 days of conversational history, indefinite for artifacts you choose to keep. Full workspace wipe available via support — removes stored data, learned context, and integration history within 30 days. Tombstones audit-logged.

// 06

Audit logging

Every agent action — tool call, message sent, external write — is logged with actor, target, payload digest, and outcome. Logs are immutable, retained 12 months by default, exportable on request. Enterprise tier gets streaming SIEM forwarding.

// sample · agent activity surface

Every action,
attributable.

What the agent ran, what it touched, what shipped — surfaced in one rolling pulse. Immutable, exportable, SIEM-forwardable on Enterprise.

Openrift · Daily Pulse

14 MAY · 09:00

MRR

184,500SGD

+18%

Pipeline

1.2MSGD

+62%

Burn

92kSGD

flat

Runway

14months

–1mo

// narrative

May closed up 18% MoM — driven by 4 mid-market closes in SG/MY. Burn held flat despite the ops hire. Pipeline weighted at SGD 1.2M with three enterprise in legal review. Runway shortens by a month from April; conservative new-deals model puts it back at 16 by July.

// actions queued

→Confirm Antler SEA intro for warm pipeline (4 names queued)
→Forecast refresh scheduled Wed — pending close updates from CRM
→Audit trigger: Meta-TOFU-V4 dropped to 0.7% CTR yesterday

Sources — Stripe · HubSpot · Sheets · Headerv 12 · auto

03 / BOUNDARIES

Agents don't go rogue.

Action scopes · approvals · audit

// 01

Confirmation before high-stakes actions

Sending external email. Posting publicly. Deploying to production. Moving money. Modifying access controls. Agents pause and ask before any of these. Boundary list is configurable per workspace and per agent role.

// 02

Scoped tool credentials

Agents authenticate with the narrowest scope that does the job. Stripe read-only by default. HubSpot scoped to the relevant pipeline. GitHub limited to specific repos. Credentials live in a sealed vault, never exposed to the LLM.

// 03

Human in the loop, by design

High-stakes workflows route through a human approver before execution. Configurable per workflow — some teams approve every external write, others only money movements. We don't ship agents that can do irreversible things without oversight.

// 04

Disconnection is immediate

Disconnect an integration and the agent stops querying that source immediately. Some derived context may persist in working memory — same as a colleague who remembers what they learned. Full purge available via support.

04 / ROADMAP

What ships next.

2026 → 2027

Q2 2026

Private Mode

Per-user isolation inside a shared workspace. Your DMs with the agent stay yours — teammates can't see them even with admin access.

Q3 2026

Role-Based Access Control

RBAC on agent capabilities. Map your Slack / WhatsApp roles to what the agent will do for them. Finance role gets finance tools, engineering gets engineering tools.

Q3 2026

Per-user token scoping

When the agent calls Stripe on a teammate's behalf, it uses their token, not a shared one. Full attribution, full audit trail, full PDPA alignment.

Q4 2026

Customer-managed keys

Bring your own KMS key. Encryption keys for your workspace held in your AWS / GCP account, not ours. Available on Enterprise.