We label what is implemented, what is a design goal, and what is contractual. No claim floats.
Trust & Security

Every action goes through one controlled door.

Solace runs work on your behalf, so the architecture is built around a single controlled egress, strict per-tenant isolation, and an evidence trail for every side effect. Below, each control is tagged so you always know whether it is implemented today, a design goal, or a contractual option.


Data-flow architecture

One egress. No side doors.

The runtime that executes work on your machine never holds an LLM API key, never talks to a database directly, and never reaches a third-party service on its own. Everything flows through Solace's controlled backend.

worker → ExecutionContext → solaceagi.com (sole egress) → LLM / storage / integrations

Because every side effect passes through one mediated choke point, it can be scoped, budgeted, logged, and — if needed — stopped. A worker that tries to bypass it does not run.

Controls

What's in place.

Implemented

Single controlled egress

All network activity routes through solaceagi.com. The on-machine runtime holds no third-party keys.

Implemented

Per-tenant isolation

Each customer runs in its own tenant scope. Cross-tenant data access is a forbidden state, not a config toggle.

Implemented

No customer-held keys

You never hold or paste an LLM API key. Solace provisions and rotates credentials on your behalf.

Implemented

Evidence trail

Every side effect — LLM call, browser action, data write — is recorded to an append-only evidence log.

Implemented

Delegated Access

Actions on your accounts run under explicit, revocable delegated authority — OAuth 2.0-compatible, with consent and an audit record. You can revoke at any time.

Implemented

WorldData separation

Public/licensed market data is kept separate from your private customer records. Your data is never resold.

Design goal

SOC 2 posture

We build to SOC 2 control practices. We do not yet claim a completed SOC 2 audit; when one is complete, it will say so here with a date.

Contractual option

HIPAA / BAA

For qualifying healthcare engagements, a Business Associate Agreement and hardened deployment are available as a contracted option — not a default claim.

Contractual option

Self-host / air-gap

Regulated customers can run the entire department on-premise under a premium license.

Our claims rule

If it isn't real, it isn't here.

Every security statement on this site must be one of four things: a control implemented today, a certification actually completed, a design goal clearly labeled as such, or a customer-specific contractual option. Anything that doesn't fit one of those is removed — including any older "OAuth3", absolute-guarantee, or unearned-compliance language you may find cached elsewhere on the web. Those pages are being retired.