Security
EvalOps is built by a team that has spent careers securing infrastructure at scale. Security isn't a feature we added — it's how we think about every layer of the system.
Infrastructure
- —Zero-trust networking with no public ingress — all services authenticated at the network layer
- —Kubernetes with policy enforcement, runtime threat detection, and continuous vulnerability scanning
- —HashiCorp Vault for secrets management with per-service scoping and automatic rotation
- —Weekly chaos drills and backup restore validation in disposable clusters
Data Protection
- —AES-256 encryption at rest, TLS 1.3 in transit for all communication
- —Customer-managed encryption keys for Dedicated and Private Cloud deployments
- —Client-side field-level redaction for PII and secrets before data leaves your environment
- —Row-level security for multi-tenant isolation — no shared data plane between workspaces
Access Control
- —SSO/SAML with Okta, Azure AD, and Google Workspace
- —Role-based access control with least-privilege defaults and just-in-time write access
- —Comprehensive audit logging of all access, changes, and tool executions
- —Approval gates on all high-stake agent actions — humans in the loop for writes
Compliance
- —SOC 2 Type II (in progress)
- —GDPR compliant with Data Processing Agreement available
- —HIPAA supported for Dedicated and Private Cloud deployments with BAA
- —Private Cloud option for air-gapped, on-premises operation with zero external telemetry
For security inquiries, vulnerability reports, or to request penetration test results under NDA: security@evalops.dev