Security Is the Product

Architecture, operational controls, and the actual infrastructure that powers Ardyn's attestation and governance services.

Defense in Depth

Ardyn runs on Google Cloud Platform with VPC-isolated compute, TLS termination at the edge, and hardware-backed attestation for verifiable execution integrity.

Execution Isolation

Every governed action runs against an attested boundary. Governance evaluates policies on the production origin. Hardware attestation verification uses AMD SEV-SNP — cryptographically proven end-to-end against a pinned AMD root.

Tamper-Evident Evidence

All governance decisions are hashed and committed to an append-only trace. Every ALLOW, BLOCK, or ESCALATE carries a SHA-256 proof hash — independently verifiable, mathematically provable.

Deterministic Replay

Every decision trace is replayable. Nine-layer Control Spine evaluation is deterministic — given the same inputs and policy, any auditor can independently reconstruct and verify the outcome.

  • TLS 1.3 via Cloudflare (auto-renewal)
  • SHA-256 for governance proof hashing
  • SHA-384 for AEA evidence hashing
  • Ed25519 for service signing operations
  • X.509 certificate chain validation for TEE attestation
  • Per-tenant signing key isolation
  • API key hashing at rest (SHA-256)
  • 0600 permission enforcement on credential files
  • No plaintext secrets in logs or environment dumps

Production Environment

Production infrastructure runs on cloud compute with hardware attestation capability. Axiom governance runs as a separate service on dedicated infrastructure with AMD SEV-SNP for attestation verification.

Cloudflare Tunnel
Production Gateway
Gateway + Trust Plane
HTTP
Axiom Governance
Governance Runtime

The Axiom governance service runs in an isolated compute environment. All external traffic is gated through Cloudflare with TLS termination. Hardware attestation verification (AMD SEV-SNP) is cryptographically proven end-to-end against a pinned AMD root.

Network Security Live

Compute instances are network-isolated. The governance service listens only on internal interfaces. External ingress is gated through Cloudflare with TLS termination.

Hardware Attestation Live

AMD SEV-SNP provides cryptographic proof of execution environment integrity — proven end-to-end against a pinned AMD root, with offline re-derivation and zero network calls for verification.

Process Isolation Live

All services run with resource limits and restricted filesystem permissions. No shared writable volumes between the public-facing gateway and the governance runtime.

Monitoring Live

Continuous health monitoring across all services. The gateway health endpoint reports service status, version, and available endpoints. Degradation triggers automated response.

Backup & Recovery Live

Nightly encrypted backups of all persistent data stores. Backups are stored with geographic redundancy. Recovery procedure documented and tested.

How We Handle Data

Ardyn does not train on customer data or sell data. Account metadata (organization name, email, billing contact) is retained per the Privacy Policy. Execution payloads are retained only for the duration of the verification window and purged thereafter.

What We Store

  • DDC attestation records (metadata only)
  • Governance decision traces and proof hashes
  • Policy definitions and version history
  • Agent identity and trust profiles
  • Billing and DDC attestation volume records

What We Don't

  • Model weights or training data
  • Customer execution payloads
  • Personally identifiable information (PII)
  • Proprietary business logic or prompts
  • Tool input parameters beyond governance summaries

When Things Go Wrong

Documented response procedures ensure every incident is detected, contained, resolved, and reported.

Enterprise Readiness In Progress

Ardyn is actively building toward formal compliance certifications. Current posture and roadmap:

SOC 2 Planned

SOC 2 Type II audit is on the roadmap. Current controls (access logging, change management, backup verification) are being formalized to meet trust services criteria.

GDPR Aligned

Ardyn processes metadata only — no PII, no customer content. Data stays within the production region. DDC records are customer-owned and exportable on request.

Penetration Testing Planned

External penetration testing is scheduled. The gateway API has been designed with input validation, rate limiting, and deny-by-default governance semantics from day one.

Schedule a Security Review

Want to review our architecture in detail? Contact enterprise@ardyn.ai for a technical deep-dive with our engineering team.