Eigent Security & Trust

Customer-controlled deployments

Eigent services can be deployed or operated in environments controlled by the customer, with data boundaries documented in the applicable agreement.

Customer-selected providers

Where customers connect their own cloud, model, data, or tool providers, those relationships are governed by the customer's agreements with those providers.

Eigent-operated services

Eigent-operated cloud, support, and professional services are handled under the Terms, Privacy Policy, and applicable DPA or order form.

Core commitments

Clear boundaries for customer data.

Eigent will not directly use Customer Data, including prompts, inputs, outputs, files, or other Customer Content, in its original or identifiable form to train, fine-tune, or improve AI or machine learning models.

For the avoidance of doubt, Eigent may use data derived from the operation and use of the Services only where such data has been aggregated, synthesized, anonymized, or otherwise rendered non-personal under applicable data protection laws ("Derived Data"). Derived Data shall not include Customer Data in its original or identifiable form, Customer Confidential Information, Personal Data, or any information that could reasonably identify Customer, its users, or any individual.

Customer acknowledges that Eigent owns all rights, title, and interest in and to Derived Data and may use such Derived Data for lawful business purposes, including analytics, benchmarking, product improvement, service optimization, security monitoring, and commercialization, provided that such use does not disclose Customer Confidential Information, Personal Data, or any identifiable information.

Different Eigent services can be deployed, operated, or supported in different ways. For customer-controlled deployments and customer-selected provider workflows, the customer retains control over the selected infrastructure, model providers, and connected tools. Eigent-operated services are documented separately so customers can understand which data is processed where.

Data protection

Data minimization across service, support, and cloud-connected workflows
Retention boundaries documented by deployment model and applicable agreement
Cloud-connected data handling documented under the applicable DPA

Encryption

TLS-protected network communications for cloud-connected services
Encryption at rest for cloud-hosted data and backups
Key-management details available to enterprise customers under NDA

Access control

Least-privilege access for production systems
MFA and role-based access controls for administrative access
Production access logging and periodic access review processes

Infrastructure security

Managed cloud infrastructure selected by service line, region, and customer requirements
Network segmentation and private infrastructure patterns where applicable
Configuration monitoring and security baselines for cloud environments

Secure development

Open-source components and product repositories available for review where applicable
Peer review and security checks in the development lifecycle
Third-party penetration testing planned or available under NDA as applicable

Automation safeguards

Automated workflows can be scoped to permissions selected by the customer
Human review can be required for sensitive or high-impact actions
Security and governance evidence available for enterprise review

Enterprise evidence under NDA

Enterprise customers and security reviewers can request supporting documentation through the security contact listed below.

Architecture and data-flow documentation

Data Processing Addendum

Subprocessor list

Security policies and control summaries

Penetration-test summaries

SOC 2 and ISO 27001 roadmap or reports

Customer-selected providers

Cloud platforms, model APIs, MCP tools, data sources, and third-party services selected by the customer are governed by the customer's own agreements.

Data retention

Customer-controlled deployments and Eigent-operated services may have different retention boundaries. Retention terms are documented in the applicable DPA, order form, or service documentation.

Incident response

Eigent maintains an incident-response process and handles breach notifications according to applicable law and customer agreements.

Security questions

For vulnerability reports, enterprise security reviews, or document requests, contact the Eigent security team.

security@eigent.ai

Customer-controlled deployments

Eigent services can be deployed or operated in environments controlled by the customer, with data boundaries documented in the applicable agreement.

Customer-selected providers

Where customers connect their own cloud, model, data, or tool providers, those relationships are governed by the customer's agreements with those providers.

Eigent-operated services

Eigent-operated cloud, support, and professional services are handled under the Terms, Privacy Policy, and applicable DPA or order form.

Core commitments

Clear boundaries for customer data.

Data protection

Data minimization across service, support, and cloud-connected workflows
Retention boundaries documented by deployment model and applicable agreement
Cloud-connected data handling documented under the applicable DPA

Encryption

TLS-protected network communications for cloud-connected services
Encryption at rest for cloud-hosted data and backups
Key-management details available to enterprise customers under NDA

Access control

Least-privilege access for production systems
MFA and role-based access controls for administrative access
Production access logging and periodic access review processes

Infrastructure security

Managed cloud infrastructure selected by service line, region, and customer requirements
Network segmentation and private infrastructure patterns where applicable
Configuration monitoring and security baselines for cloud environments

Secure development

Open-source components and product repositories available for review where applicable
Peer review and security checks in the development lifecycle
Third-party penetration testing planned or available under NDA as applicable

Automation safeguards

Automated workflows can be scoped to permissions selected by the customer
Human review can be required for sensitive or high-impact actions
Security and governance evidence available for enterprise review

Enterprise evidence under NDA

Enterprise customers and security reviewers can request supporting documentation through the security contact listed below.

Architecture and data-flow documentation

Data Processing Addendum

Subprocessor list

Security policies and control summaries

Penetration-test summaries

SOC 2 and ISO 27001 roadmap or reports

Customer-selected providers

Cloud platforms, model APIs, MCP tools, data sources, and third-party services selected by the customer are governed by the customer's own agreements.

Data retention

Customer-controlled deployments and Eigent-operated services may have different retention boundaries. Retention terms are documented in the applicable DPA, order form, or service documentation.

Incident response

Eigent maintains an incident-response process and handles breach notifications according to applicable law and customer agreements.

Security questions

For vulnerability reports, enterprise security reviews, or document requests, contact the Eigent security team.

security@eigent.ai

Security and data protection across Eigent services.

Customer-controlled deployments

Customer-selected providers

Eigent-operated services

Clear boundaries for customer data.

Data protection

Encryption

Access control

Infrastructure security

Secure development

Automation safeguards

Enterprise evidence under NDA

Customer-selected providers

Data retention

Incident response

Security questions

Security and data protection across Eigent services.

Customer-controlled deployments

Customer-selected providers

Eigent-operated services

Clear boundaries for customer data.

Data protection

Encryption

Access control

Infrastructure security

Secure development

Automation safeguards

Enterprise evidence under NDA

Customer-selected providers

Data retention

Incident response

Security questions