AES-256-GCM at rest. TLS 1.3 in transit.
Every credential stored in Aegis is encrypted with AES-256-GCM before it leaves your browser. Each record gets a unique 96-bit nonce. Keys are wrapped using envelope encryption with AWS KMS or GCP Cloud KMS.
Region-pinned, multi-cloud, and separated by design.
SlateBeaver runs across AWS and GCP with region-aware storage, isolated application services, and append-only audit systems separated from transactional data. Credential values, audit events, and key-management boundaries are not collapsed into one datastore.
MFA, SSO, hardware keys, and JIT.
SlateBeaver enforces multi-factor authentication on every account. Business and Enterprise plans support SAML 2.0 and OIDC SSO. Hardware keys are supported via WebAuthn. Session lifetime is 8 hours with configurable idle timeout.
Aegis's audit trail and RBAC are built specifically to support SOC 2, ISO 27001, and GDPR audits.
Append-only. Cryptographically chained. Exportable.
Every action in Aegis - every reveal, edit, export, grant, and revoke - is written to a tamper-evident, append-only log. Entries are chained with SHA-256 hashes. Export to Datadog, Splunk, or raw JSON via API.
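How a consumer of an exported log can check a SHA-256 hash chain, shown as an added example that is not Aegis's code or export format. The entry fields (`seq`, `body`, `prev_hash`, `hash`), the all-zero genesis value, and the canonical-JSON hashing rule are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first entry


def entry_hash(prev_hash, body):
    # Canonical JSON (sorted keys, no whitespace) keeps the digest reproducible.
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canon).encode("utf-8")).hexdigest()


def append(log, body):
    # Each new entry commits to the hash of the entry before it.
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"seq": len(log), "body": body, "prev_hash": prev,
                "hash": entry_hash(prev, body)})


def verify_chain(log, expected_head=None):
    """Return a list of (position, problem); an empty list means intact."""
    findings = []
    prev = GENESIS
    for i, e in enumerate(log):
        if e["seq"] != i:
            findings.append((i, "sequence gap or reorder"))
        if e["prev_hash"] != prev:
            findings.append((i, "prev_hash does not match previous entry"))
        if entry_hash(e["prev_hash"], e["body"]) != e["hash"]:
            findings.append((i, "entry hash mismatch"))
        prev = e["hash"]
    # Dropping entries from the tail still leaves a valid chain, so compare
    # the final hash with a head value recorded outside the log store.
    if expected_head is not None and prev != expected_head:
        findings.append((len(log), "head hash differs from anchored value"))
    return findings


def build_sample():
    # Constructed sample events, not real product output.
    log = []
    for actor, action in [("alice", "reveal"), ("bob", "edit"),
                          ("alice", "grant"), ("carol", "revoke")]:
        append(log, {"actor": actor, "action": action, "target": "cred-42"})
    return log
```

An edited entry fails its own hash check, an entry whose hash was recomputed after editing breaks the link at the next entry, and tail truncation is only caught when a head hash is supplied.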
Safe-harbor, 90-day deadline, hall of fame.
We operate a coordinated disclosure program. If you find a vulnerability, email security@slatebeaver.com. We promise to acknowledge within 12 hours and resolve Critical issues within 7 days. PGP key available on request.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Key-Type: RSA
Key-Length: 4096
Name-Real: SlateBeaver Security Team
Name-Email: security@slatebeaver.com
Fingerprint: 3F1A 9B2C ...
-----END PGP PUBLIC KEY BLOCK-----
Frameworks we’re audited against.
Data processing agreements available. EU data residency option.
All five trust service criteria. Annual renewal.
Information security management. Certified Nov 2025.
BAA available on Enterprise plans.
In scope assessment planned Q4 2026.
California privacy law compliant. Privacy controls in dashboard.