Security, Compliance & SLA
At Crafted, security isn't a feature—it's the foundation. We employ enterprise-grade protocols to ensure your data stays private and your AI agents remain resilient.
Security Architecture
We protect your data across every layer of our infrastructure using industry-standard cryptographic methods.
| Layer | Standard / Tool | Implementation Detail |
|---|---|---|
| Data In Transit | TLS 1.3 | All traffic encrypted using high-strength cipher suites. |
| Data At Rest | AES-256 | Disk-level encryption for all Vector DBs and backups. |
| Cloud Security | Private VPC | Isolated network environment with strict ingress rules. |
| Workplace Isolation | Logical Multi-tenancy | Strict row-level security (RLS) and database isolation. |
Authentication & Access Control
Granular control over who can access your agents and how they are managed.
| Feature | Requirement | Description |
|---|---|---|
| MFA | Required | Mandatory Multi-Factor Authentication for all admins. |
| API Keys | Hashed HMAC | Keys are hashed at rest; non-recoverable if lost. |
| RBAC | Enterprise | Granular permissions (Admin, Builder, Viewer). |
| SSO | SAML / OIDC | Identity provider integration for managed teams. |
Compliance & Privacy Standards
We strictly adhere to global data protection regulations and undergo regular independent audits.
| Standard | Status | Note |
|---|---|---|
| SOC 2 Type II | Certified | Annual third-party audits of security & confidentiality. |
| GDPR | Compliant | Data Processor agreement with regional storage options. |
| HIPAA | Ready | BAA available for private cloud Enterprise deployments. |
| ISO 27001 | Aligned | Infrastructure follows ISO security management systems. |
Data Governance & Training Policy
Your proprietary data never leaves your control.
| Policy Item | Commitment |
|---|---|
| LLM Training | We NEVER use your data to train or fine-tune public models. |
| Log Persistence | Optional "Zero-Log" mode available for sensitive agents. |
| Data Ownership | You retain full legal ownership of all documents and prompts. |
| Data Portability | Export your vector indices at any time in standard formats. |
Service Level Agreement (SLA)
We provide a robust uptime guarantee for our API and agent orchestration services to ensure your production workflows are uninterrupted.
Availability Guarantee
| Plan | Monthly Uptime % | Availability Commitment |
|---|---|---|
| Starter | 99.0% | Core API availability |
| Standard | 99.9% | API & Vector DB availability |
| Enterprise | 99.99% | Custom regional redundancy & failover |
Uptime Definition
"Monthly Uptime Percentage" is calculated by subtracting from 100% the percentage of 1-minute intervals during the month in which the Crafted API is "Unavailable."
- Unavailable: System-level error or timeout for all connection attempts.
- Excluded: Scheduled maintenance and tier-1 provider outages (e.g. AWS/Azure).
Service Credits (Enterprise Only)
| Monthly Uptime Percentage | Service Credit Percentage |
|---|---|
| < 99.99% but ≥ 99.0% | 10% |
| < 99.0% but ≥ 95.0% | 25% |
| < 95.0% | 50% |
Support & Incident Management
We categorize requests to ensure mission-critical issues are resolved with the highest priority.
| Severity | Definition | Standard Response | Enterprise Response |
|---|---|---|---|
| S1 (Critical) | Production is down for all users. | 4 Hours | < 1 Hour (24/7) |
| S2 (High) | Major feature is broken, no workaround. | 8 Hours | 2 Hours |
| S3 (Normal) | Minor feature issue or API question. | 24 Hours | 4 Hours |
| S4 (Low) | Documentation or general feature request. | 48 Hours | 8 Hours |
Maintenance Windows
- Scheduled: At least 48 hours notice for potential brief interruptions.
- Emergency: Critical patches may occur with < 1 hour notice (aiming for zero-downtime).
For legal documents or to request our latest SOC2 report, please visit our Contact Page.