Operations

Security by architecture,
not afterthought.

Your code, your infrastructure, your rules. Orqista is designed from the ground up so your data stays under your control — whether you run in the cloud or on your own hardware.

Request Access

COMPLIANCE STANDARDS

NIS2
active
87%
SOC2
active
94%
ISO27001
active
76%
HIPAA
inactive
--
PCI-DSS
active
82%

AUDIT CHAIN

0x3fa2c1
RULE_EVALUATED
PASS
0x9c1b44
RULE_EVALUATED
PASS
0xb72e09
EXCEPTION_GRANTED
LOG
0x41fd3a
RULE_EVALUATED
BLOCK
0xc83e17
APPROVAL
PASS

GUARDRAIL ENGINE

content-pattern PASS ✓
infrastructure PASS ✓
process PASS ✓
dependency PASS ✓
secret PASS ✓
naming PASS ✓
testing PASS ✓
quality
BLOCKED public S3 bucket
Standards activate — NIS2, SOC2, ISO 27001 score bars fill as controls pass
Audit chain grows — every enforcement decision is hash-chained and logged
Engine evaluates — 8 rule categories checked; violations are blocked in red

Data Sovereignty

  • Self-hosted option means code never leaves your network
  • Cloud option uses isolated, encrypted infrastructure
  • No AI model training on your code — ever
  • Full control over data retention and deletion

GDPR / DSGVO Compliance

  • EU data residency for cloud deployments
  • Data minimization — agents only access what they need
  • Right to deletion and data portability
  • Self-hosted, cookie-free analytics — no third-party data sharing

Agent Safety

  • Layered guardrails constrain every expert agent action
  • Human approval gates before any code execution
  • Command allowlists prevent unauthorized operations
  • Input sanitization on all user-facing endpoints

Access Control

  • API key authentication for all endpoints
  • Secrets are redacted in API responses and logs
  • Full audit trail for every expert agent action
  • Configurable per-user approval authorization

Encryption

  • TLS in transit for all communications
  • Encryption at rest for database storage
  • Secrets managed via environment or parameter store
  • No plaintext credentials in logs or responses

Offline Capability

  • Run with local AI models — zero internet dependency
  • Air-gapped deployment for high-security environments
  • No external API calls required after setup
  • Full platform functionality without connectivity

Defense in depth

Security is not a single layer. Orqista enforces guardrails at the global, group, project, and task level. Locked rules at the global level cannot be exempted anywhere. Every agent execution is sandboxed with path validation and command allowlists.

Related Features

GuardrailsGroupsExpert Agents

Security questions? Let's talk.

Request access and we'll walk through our security architecture for your specific requirements.

Request Early Access