Security
Security is the product.
getai.id exists to make AI agents accountable. That mandate starts with the security of the platform itself — encryption, access control, audit logging, and a coordinated-disclosure channel for researchers.
Encryption everywhere
AES-256 at rest, TLS 1.2+ in transit, customer-managed keys for enterprise deployments. Off-chain identity records never touch a public network in plaintext.
Least-privilege access
Role-based access controls with MFA on every administrative path. Production access is short-lived, signed, and logged to an immutable audit trail.
SOC 2 Type II + ISO 27001
Audit-ready evidence packs aligned with SCAP-compatible exports, quarterly penetration tests, and continuous control monitoring.
Dedicated infrastructure
Enterprise customers run on isolated tenancy with dedicated registry shards, dedicated attestation gateways, and customer-controlled jurisdictions.
Coordinated disclosure
Found a vulnerability?
We work with security researchers under a safe-harbor policy. Submit reports to security@deepidv.com with a description, reproduction steps, and the impact you observed.
- Acknowledgement: within 24 hours.
- Triage: within 72 hours, with a named engineer.
- Fix windows: 30 days for critical, 60 days for high, 90 days for medium.
- Credit: public hall-of-fame on this page, or anonymous on request.
- Safe harbor: good-faith research that avoids privacy violations and service disruption is authorized.
For PGP-encrypted submissions, request our public key from security@deepidv.com.