Security posture
The beta security posture focuses on scoped access, tenant separation, conservative public claims, safe audit logs, private-beta portals, and exportability. StateVault does not claim formal compliance certification on this page.
Trust & legal
Security Brief
StateVault is designed as private infrastructure for agent memory. This brief describes the beta security posture without making compliance or certification claims.
Tenant and vault isolation
StateVault serves many client tenant accounts. Each client can operate multiple vaults, and each vault is modeled as its own isolated container and database silo. Current beta workflows keep requests tenant-scoped and meter calls by tenant, vault, method, and operation.
Access controls
- Customer API access uses scoped keys and tenant-aware authorization.
- Customer and operator portals are separated and remain private-beta noindex surfaces.
- Raw keys and secrets are not exposed through public pages or deploy packages.
- Unsafe account, billing, and operator mutations are gated by role and audit expectations.
Zero-training position
Customer state, context records, files, embeddings, exports, and tenant usage data are not used to train foundation models. StateVault's role is private custody, retrieval, metering, and export support.
Operational controls
Beta operations include health checks, readiness checks, backup planning, release snapshots, page-readiness audits, platform test reporting, resource reporting, and a planned maintenance mode. Security questions can be sent to info@statevault.ai.