Security Overview

Deeployd is built with enterprise security in mind. From authentication to audit logs, every layer is designed for compliance and control.

Security Center

Business and Enterprise users can access all security features from the Security Center hub in the top navigation bar. The Security Center provides a unified interface for managing approvals, audit logs, SSO, SCIM, incidents, and more. Learn more about Security Center.

Security Architecture

┌─────────────────────────────────────────────────┐
│                    Users                         │
└──────────────────────┬──────────────────────────┘
                       │
                       ▼
┌─────────────────────────────────────────────────┐
│              Authentication Layer                │
│  • JWT tokens  • API keys  • SSO/SAML  • MFA    │
└──────────────────────┬──────────────────────────┘
                       │
                       ▼
┌─────────────────────────────────────────────────┐
│              Authorization Layer                 │
│  • RBAC  • Permissions  • Tenant isolation      │
└──────────────────────┬──────────────────────────┘
                       │
                       ▼
┌─────────────────────────────────────────────────┐
│               Audit Layer                        │
│  • Action logging  • SIEM export  • Alerts      │
└─────────────────────────────────────────────────┘

Key Security Features

Authentication

Feature	Description
JWT Tokens	Secure session management
API Keys	Programmatic access
SSO/SAML	Enterprise identity providers
MFA/2FA	Multi-factor authentication

Authorization

Feature	Description
RBAC	Role-based access control
Permissions	Granular permission model
Tenant Isolation	Data separation
Approvals	Human oversight for sensitive ops

Compliance

Feature	Description
Audit Logs	Complete activity history
SIEM Integration	Export to security tools
Data Retention	Configurable policies
SCIM	Automated user provisioning

Security by Plan

Feature	Starter	Pro	Business	Enterprise
JWT Auth	Yes	Yes	Yes	Yes
API Keys	5	25	100	Unlimited
MFA/2FA	-	Yes	Yes	Yes
SSO/SAML	-	-	Yes	Yes
SCIM	-	-	Yes	Yes
Audit Logs	7 days	30 days	90 days	Custom
SIEM Export	-	-	-	Yes
Custom Retention	-	-	-	Yes
IP Allowlisting	-	-	-	Yes
Custom SLAs	-	-	-	Yes

Data Protection

Encryption

State	Method
In Transit	TLS 1.3
At Rest	AES-256
Secrets	AES-256 with key rotation
Backups	Encrypted with separate keys

Data Residency

Enterprise customers can choose data location:

• US: Virginia, Oregon
• EU: Frankfurt, Ireland
• APAC: Singapore, Sydney

Data Retention

Default retention periods:

Data Type	Default	Configurable
Conversations	90 days	Yes
Audit Logs	30 days	Yes
Agent Memory	90 days	Yes
Task History	30 days	Yes

Compliance Standards

Deeployd maintains compliance with:

• SOC 2 Type II - Security, availability, confidentiality
• GDPR - EU data protection
• CCPA - California privacy
• HIPAA - Healthcare (Enterprise)
• ISO 27001 - Information security (in progress)

Security Best Practices

1. Use SSO When Possible

// Enterprise: Enforce SSO for all users
await client.settings.update({
  authentication: {
    requireSso: true,
    allowedDomains: ['company.com']
  }
});

2. Enable MFA

// Require MFA for admin users
await client.settings.update({
  authentication: {
    mfaRequiredRoles: ['owner', 'admin']
  }
});

3. Rotate API Keys

// Rotate keys regularly
await client.apiKeys.rotate('key-123');

4. Review Audit Logs

// Regular security reviews
const logs = await client.audit.list({
  severity: 'critical',
  startDate: '2024-01-01'
});

5. Use Least Privilege

// Assign minimal permissions
await client.users.updateRole('user-123', {
  role: 'member', // Not admin
  permissions: ['agent.read', 'agent.chat']
});

Security Contact

For security issues or vulnerability reports, please email security@deeployd.com.

---

Next: Learn about Authentication in detail.