Security & Trust
AgentGRaiL takes data security seriously. Here's how we protect your information and account.
Encrypted in transit
All traffic between your browser and AgentGRaiL travels over TLS 1.2+. Sensitive credentials are bcrypt-hashed and never stored in plaintext.
Payments handled by Stripe
AgentGRaiL never sees or stores your full card number. All billing is processed by Stripe — PCI DSS Level 1 certified. We only retain a Stripe customer ID.
Hosted on Railway
Application servers and databases run on Railway (AWS us-east-1). Data at rest is encrypted by the hosting provider. We do not sell or share personal data with advertisers.
Session-based auth
Authentication uses short-lived, HttpOnly, Secure, SameSite cookies. There are no long-lived API tokens stored in localStorage. Sessions expire after inactivity.
Error monitoring via Sentry
We use Sentry for crash and error monitoring. Stack traces and request context are captured to help us fix bugs quickly. Personally identifiable data is scrubbed before logging.
Report a vulnerability
Found a security issue? Please disclose it responsibly to security@agentgrail.ai. We will acknowledge within 48 hours and aim to remediate critical issues within 7 days.
Questions about privacy or data handling? security@agentgrail.ai · Privacy Policy · Terms of Service
Machine-readable disclosure: /.well-known/security.txt (RFC 9116)