Security & compliance

Agents that can do things. On a leash.

Every Sprigr agent runs in an isolated sandbox with its own credentials, a named approval gate, and a cryptographically signed audit trail. You see every action, and you can rewind any of them.

audit.sprigr.run · live Streaming
02:14:17 ACTION lead-agent drafted quote · signed: 9f2a… AUTO
02:14:19 READ scheduler queried google_cal / on-call OK
02:14:23 GATE approval: quote $275 under $500 threshold PASS
02:14:24 WRITE gmail · sent to sam@northshore-cafe.com OK
02:14:25 WRITE sms · +61 427 921 736 dispatched OK
02:14:26 HASH bundle · sha256: 4b1e7…d9c2 SEALED
02:15:02 READ invoice-chaser queried xero / overdue OK
02:15:08 GATE approval: tone check flagged "aggressive" REVIEW
02:15:12 HALT invoice-chaser paused → owner inbox HUMAN

Four pillars

How we keep autonomous things trustworthy.

Isolation by default.

Every business, every agent, every tool call runs in its own sandbox. Data from one customer cannot reach another. Tenants are isolated at the network, memory, and filesystem level.

  • Per-tenant runtime with dedicated memory and file scope
  • Scoped API keys per integration, rotated every 30 days
  • Outbound egress on an allow-list only

Approval gates with teeth.

Define exactly when an agent can act on its own, and when it must ask. Gates are policy, not prose. Violations halt the run and route to a human.

  • Thresholds on amount, tone, time-of-day, customer segment
  • Circuit breakers on error rate and cost
  • Named owner paged on every escalation

Signed audit trail by construction.

Every action an agent takes is hashed, signed with an Ed25519 key, and chained to the previous entry. You can replay any decision and prove it wasn't edited after the fact.

  • Tamper-evident append-only log, Merkle-anchored hourly
  • Replayable: re-run any step against the frozen context
  • Retention up to 7 years on Enterprise
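
A minimal sketch of the hash-sign-chain scheme described above, added here as an illustration and not Sprigr's code. The `Entry` layout, the function names and the sample log lines are assumptions constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Entry is a hypothetical record layout (an assumption, not Sprigr's format).
type Entry struct {
	Prev [32]byte // SHA-256 of the previous entry; zero for the first
	Body string   // the logged action
	Sig  []byte   // Ed25519 signature over Prev || Body
}
// digest covers the signature too, so the next entry commits to all of this one.
func (e Entry) digest() [32]byte {
	return sha256.Sum256(append(append(e.Prev[:], e.Body...), e.Sig...))
}
// Append links body to the current tail, signs it, and returns the longer log.
func Append(log []Entry, priv ed25519.PrivateKey, body string) []Entry {
	e := Entry{Body: body}
	if n := len(log); n > 0 {
		e.Prev = log[n-1].digest()
	}
	e.Sig = ed25519.Sign(priv, append(e.Prev[:], body...))
	return append(log, e)
}
// Verify returns the index of the first entry that fails, or -1 if all pass.
func Verify(log []Entry, pub ed25519.PublicKey) int {
	var prev [32]byte
	for i, e := range log {
		if e.Prev != prev || !ed25519.Verify(pub, append(e.Prev[:], e.Body...), e.Sig) {
			return i
		}
		prev = e.digest()
	}
	return -1
}
// Demo signs three constructed log lines, then edits one and drops one.
func Demo() (clean, edited, dropped int) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	log := Append(nil, priv, "ACTION drafted quote")
	log = Append(log, priv, "GATE quote $275 PASS")
	log = Append(log, priv, "WRITE gmail OK")
	forged := append([]Entry(nil), log...)
	forged[1].Body = "GATE quote $2750 PASS"
	return Verify(log, pub), Verify(forged, pub), Verify(append(log[:1:1], log[2]), pub)
}
func main() { fmt.Println(Demo()) } // prints: -1 1 1
```

The chain alone cannot show that entries were cut from the end of the log; detecting that needs a copy of the latest digest held somewhere the log writer cannot alter, which is the job of an external anchor such as the hourly one listed above.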

Your data stays yours.

Sprigr never trains on your data. Full stop. You choose the region it sits in, the LLM provider it routes through, and how long it is kept.

  • Data never leaves your chosen region
  • Bring your own LLM key on Business and Enterprise
  • One-click export. One-click delete.

Security, the quiet kind

Your operations hub, but yours.

Most AI platforms run every customer on shared infrastructure. Sprigr doesn't. Every business gets its own isolated execution environment, with credentials encrypted at rest, approval gates with teeth, and a signed audit trail behind every action.

Physical data isolation

Every customer gets a dedicated execution environment. No shared databases. No leaky neighbours, ever.

Secrets encrypted at rest

API keys and credentials live encrypted in our vault, decrypted only inside your agent's sandbox at runtime.

Prompt-injection defences

Platform-level guardrails detect and block attempts to extract data or escalate privileges through crafted input.

Every action logged

Full cryptographically signed audit trail. You see exactly what ran, when, with what inputs. Forever.

Your isolated sandbox