Security, Compliance & SLA

At Crafted, security isn't a feature—it's the foundation. We employ enterprise-grade protocols to ensure your data stays private and your AI agents remain resilient.

Security Architecture

We protect your data across every layer of our infrastructure using industry-standard cryptographic methods.

| Layer | Standard / Tool | Implementation Detail | |:------|:----------------|:----------------------| | Data In Transit | TLS 1.3 | All traffic encrypted using high-strength cipher suites. | | Data At Rest | AES-256 | Disk-level encryption for all Vector DBs and backups. | | Cloud Security | Private VPC | Isolated network environment with strict ingress rules. | | Workplace Isolation | Logical Multi-tenancy | Strict row-level security (RLS) and database isolation. |

Authentication & Access Control

Granular control over who can access your agents and how they are managed.

| Feature | Requirement | Description | |:--------|:------------|:------------| | MFA | Required | Mandatory Multi-Factor Authentication for all admins. | | API Keys | Hashed HMAC | Keys are hashed at rest; non-recoverable if lost. | | RBAC | Enterprise | Granular permissions (Admin, Builder, Viewer). | | SSO | SAML / OIDC | Identity provider integration for managed teams. |

Compliance & Privacy Standards

We strictly adhere to global data protection regulations and undergo regular independent audits.

| Standard | Status | Note | |:---------|:-------|:-----| | SOC 2 Type II | Certified | Annual third-party audits of security & confidentiality. | | GDPR | Compliant | Data Processor agreement with regional storage options. | | HIPAA | Ready | BAA available for private cloud Enterprise deployments. | | ISO 27001 | Aligned | Infrastructure follows ISO security management systems. |

Data Governance & Training Policy

Your proprietary data never leaves your control.

| Policy Item | Commitment | |:------------|:-----------| | LLM Training | We NEVER use your data to train or fine-tune public models. | | Log Persistence | Optional "Zero-Log" mode available for sensitive agents. | | Data Ownership | You retain full legal ownership of all documents and prompts. | | Data Portability | Export your vector indices at any time in standard formats. |

Service Level Agreement (SLA)

We provide a robust uptime guarantee for our API and agent orchestration services to ensure your production workflows are uninterrupted.

Availability Guarantee

| Plan | Monthly Uptime % | Availability Commitment | |:-----|:-----------------|:------------------------| | Starter | 99.0% | Core API availability | | Standard | 99.9% | API & Vector DB availability | | Enterprise | 99.99% | Custom regional redundancy & failover |

Uptime Definition

"Monthly Uptime Percentage" is calculated by subtracting from 100% the percentage of 1-minute intervals during the month in which the Crafted API is "Unavailable."

Service Credits (Enterprise Only)

| Monthly Uptime Percentage | Service Credit Percentage | |:--------------------------|:--------------------------| | < 99.99% but ≥ 99.0% | 10% | | < 99.0% but ≥ 95.0% | 25% | | < 95.0% | 50% |

Support & Incident Management

We categorize requests to ensure mission-critical issues are resolved with the highest priority.

| Severity | Definition | Standard Response | Enterprise Response | |:---------|:-----------|:------------------|:--------------------| | S1 (Critical) | Production is down for all users. | 4 Hours | < 1 Hour (24/7) | | S2 (High) | Major feature is broken, no workaround. | 8 Hours | 2 Hours | | S3 (Normal) | Minor feature issue or API question. | 24 Hours | 4 Hours | | S4 (Low) | Documentation or general feature request. | 48 Hours | 8 Hours |

Maintenance Windows

For legal documents or to request our latest SOC2 report, please visit our Contact Page.