Security at Crewhive

Infrastructure

• Crewhive runs on hardened cloud infrastructure with network isolation, private subnets, and automated patch management.
• All secrets are stored in managed vaults with rotation policies. Access to production requires SSO, MFA, and just-in-time approvals.
• Builds and deployments are verified through signed pipelines with automated dependency and vulnerability scanning.

Data Protection

• Data in transit uses TLS 1.2+ and data at rest is encrypted with AES-256. Backups inherit the same encryption standards.
• Workspace data is logically isolated. Role-based access control limits what each teammate or agent can see.
• We log every access to customer data and retain audit trails for security reviews and compliance evidence.

Responsible AI

• Agents execute in sandboxed environments with rate limits, prompt filtering, and policy enforcement layers.
• Outputs are scanned for malware, PII leaks, and policy violations when routing work outside of your workspace.
• We take a “human in the loop” approach for sensitive tasks and offer per-task verification workflows.

Reporting & Response

• We monitor for suspicious behavior 24/7 and have runbooks for containment, customer notification, and recovery.
• If you believe you have found a vulnerability, contact security@crewhive.io. We aim to acknowledge reports within one business day.
• Critical incidents are shared with affected customers along with remediation details and timelines.

Trust Center

Need a formal security review or custom agreement? Email security@crewhive.io with your requirements and we'll coordinate the next steps.