Security · governance

Security for project knowledge, not just data storage.

ContextStream is designed to keep decisions, lessons, docs, code context, Capsules, and agent workflows scoped, controlled, and reviewable.


Data handling

We read the shape of the project, not the contents — by default. Source contents stay where they live.

Encryption

In transit and at rest. Per-workspace keys for Enterprise; KMS-backed.

Access control

Roles, scopes, and per-engagement boundaries. Audit log exportable to your SIEM.

Scopes & boundaries

Personal, project, team, client, agent-visible. Boundaries enforced in product, not just documented.

Redaction

Author-visible diff between source slice and recipient view. Redactions apply to Capsules and cross-scope promotions.

Local-only mode

Available on Enterprise. Indexing and graph storage stay inside your boundary; no calls to ContextStream cloud.

Self-host or VPC

Enterprise plans support self-hosted and VPC deployment. Solo and Team are cloud-only today.

Verified handoffs

Cryptographic signing available on Enterprise for handoffs that must be agent-verifiable.

Incident process

Public status page, internal runbooks, post-incident lesson capture (yes — into ContextStream).

Compliance roadmap

Stated honestly.

We won't claim what we haven't earned. Here's where we are today, and where the next milestones are.

SOC 2 Type II audit underway

Type II audit in progress. We can share scope and timeline with prospective Enterprise customers.

SOC 2-ready controls

Access reviews, change management, encryption, incident response, vendor management — implemented and operating.

DPA · procurement support

Standard DPA, subprocessor list, security questionnaire, procurement routing for Enterprise customers.

We do not claim "SOC 2 compliant" or "SOC 2 certified" until the Type II report is issued.

Talk to security.

Procurement support, security overview, DPA, and architecture questions.