MoltBot is built with enterprise-grade security from the ground up. Here's how we protect your agents, data, and credentials.
Every agent runs in a dedicated, network-isolated VM. No shared tenancy for compute. Your data and processes never touch another customer's environment.
API keys and credentials are encrypted with AES-256 at rest using per-tenant keys. Secrets are injected at runtime via environment variables, never persisted in logs.
All traffic is TLS 1.3. Agents operate in isolated VPCs with egress filtering. SSH access to agent hosts is MFA-protected and fully audited.
All agent actions, API calls, and admin access are logged with tamper-evident timestamps. Logs are retained for 90 days (Enterprise: 1 year) and exportable.
Role-based access control (RBAC) with SSO support (SAML 2.0, OIDC). MFA enforced for all admin actions. Session tokens expire after 24 hours.
Agent memory and task logs are retained for 30 days by default. Customers can request immediate deletion. We never use customer data to train models.
Encrypted credentials: All secrets AES-256 encrypted at rest
TLS 1.3: All data encrypted in transit
No shared compute: Dedicated VMs per customer
SOC 2 Type II: Certified annually
Penetration testing: Annual by Cure53
GDPR compliant: EU data residency available
MFA enforced: All admin and API key actions
Zero training use: Your data never trains models
Audit logs: 90-day tamper-evident log retention
Egress filtering: Agent network access whitelisted
RBAC + SSO: SAML 2.0 and OIDC supported
Vulnerability disclosure: Responsible disclosure program
Our security team responds to all inquiries within 24 hours. Enterprise customers can request a dedicated security review.