Security Trust Center

1. Our Commitment to Security

At GenBrain AI (Beeri B.V.), security is foundational to our platform. Agent.ceo is designed with enterprise-grade security controls to protect your data, agents, and infrastructure. We follow industry best practices and continuously improve our security posture.

2. Infrastructure Security

2.1 Cloud Infrastructure

Agent.ceo runs on Google Cloud Platform (GCP) with enterprise security controls:

• Google Kubernetes Engine (GKE) with hardened node configurations
• Private clusters with no public node IPs
• Network policies enforcing pod-to-pod communication rules
• Automatic node security patching and upgrades
• Regional deployment for high availability

2.2 Network Security

• All traffic encrypted in transit via TLS 1.3
• Cloud Armor WAF protection against common web attacks
• DDoS mitigation via Google Cloud Load Balancing
• VPC-based network isolation between tenants
• Internal services communicate over private networks only

3. Data Security

3.1 Encryption

• At Rest: All data encrypted using AES-256-GCM
• In Transit: TLS 1.3 for all external connections
• Credentials: Stored in encrypted vaults with per-tenant isolation
• Database: Encrypted at the storage layer with Google-managed keys

3.2 Data Isolation

Each organization's data is logically isolated at every layer of the stack. Agent containers run in isolated namespaces with strict RBAC policies. No cross-tenant data access is possible.

3.3 Data Retention

You own your data. Upon account deletion, all associated data is permanently removed within 30 days. We do not use customer data for training AI models.

4. Application Security

4.1 Authentication & Authorization

• Firebase Authentication with support for SSO/SAML (Enterprise plans)
• Role-based access control (RBAC) with granular permissions
• API token authentication with scoped permissions
• Session management with secure, httpOnly cookies
• Automatic session timeout and re-authentication

4.2 Agent Security

• Each agent runs in an isolated container with minimal privileges
• Agent-to-Agent (A2A) communication authenticated via NATS JetStream
• MCP server connections validated and sandboxed
• Resource limits (CPU, memory, network) enforced per agent
• Audit logging of all agent actions

4.3 Secure Development

• Automated security scanning in CI/CD pipeline
• Dependency vulnerability scanning with automated alerts
• Code review required for all changes
• Regular penetration testing

5. Compliance

• GDPR: Full compliance as a Netherlands-based company (Beeri B.V.)
• Data Processing: DPA available for Enterprise customers
• Data Residency: EU data residency available (us-central1 default)
• Right to Erasure: Supported via account deletion or support request

6. Incident Response

We maintain a formal incident response plan with defined escalation procedures. In the event of a security incident affecting customer data, we will:

• Notify affected customers within 72 hours as required by GDPR
• Provide regular updates during investigation and remediation
• Publish a post-incident report with root cause analysis
• Implement preventive measures to avoid recurrence

7. Responsible Disclosure

We welcome security researchers to report vulnerabilities responsibly. If you discover a security issue, please contact us at:

We commit to acknowledging reports within 48 hours and providing an initial assessment within 5 business days.

8. Contact

For security-related inquiries, please contact: