Skip to main content
AgentHubby MVS
MarketplacePricingDocsTrustHelp
Back to docs

Topic · Security and compliance

Security and compliance

AgentHub is built for enterprise procurement review. Tenant isolation is forced at the data layer, every secret is encrypted at rest under per-tenant key derivation, and every action lands in a hash-chained audit log that is verified daily.

SOC 2 Type II

AgentHub is designed to support SOC 2 Type II controls across the security, availability, confidentiality, and processing-integrity criteria. The control set covers row-level tenant isolation, encryption at rest and in transit, role-based access, change management, vendor management, incident response, and continuous audit monitoring. The current Type II report is available under NDA — request it from security@mvsagents.ai.

HIPAA mode

A hardened HIPAA configuration is available for healthcare-vertical packs (prior authorization, claims status, denial appeals, chart review). HIPAA mode adds:

  • A signed Business Associate Agreement (BAA) on enterprise plans.
  • Tighter logging retention and PHI-aware redaction in audit payloads.
  • Strict scope-set enforcement on connectors that touch PHI sources.
  • Workforce training requirements for AgentHub personnel with PHI access.
  • A dedicated incident-response runbook with the published 60-minute notification SLA.

Healthcare packs that have not been certified for HIPAA mode are blocked from running in HIPAA-mode workspaces by construction — there is no toggle that quietly downgrades the protection level.

Data residency

Each workspace is provisioned in a single region. Storage stays in that region and cross-region requests for serving are minimized. Customers on enterprise plans can pin residency to specific US, EU, or UK regions, with infrastructure isolation guaranteed by the underlying cloud provider’s region boundaries.

Encryption

Traffic to and from AgentHub is TLS 1.2 or higher. Sensitive fields — API keys, webhook signing secrets, OAuth refresh tokens, connector credentials — are encrypted at rest with AES-GCM under per-tenant key derivation. Key rotation is automatic; rotated keys are kept available for 30 days so in-flight tokens decode cleanly during the cutover.

Audit chain

Every state-changing event lands in an append-only audit log. Each entry stores the SHA-256 hash of the prior entry’s payload, forming a per-workspace hash chain. A scheduled cron walks the chain end-to-end every 24 hours; any broken link pages on-call. Admins can run the same verification on demand and download a signed proof for any time window. See /docs/audit-logs for the schema and export endpoints.

Authentication and access

Authentication supports passwordless email plus SAML and OIDC single sign-on, with SCIM provisioning available on enterprise plans and email-domain allowlists for just-in-time OIDC user creation. Inside the dashboard, role-based access (owner, admin, member, viewer) gates configuration changes; per-tool approval policies (see /docs/permissions-and-approvals) gate every external action.

Backups and incident response

Backups use managed point-in-time recovery on the data store with a documented restore runbook. Published recovery targets: RPO under 5 minutes, RTO under 4 hours. The platform is monitored 24/7; page-eligible incidents trigger oncall and the public /status page is updated as the incident progresses. Vulnerability reports are welcome at security@mvsagents.ai under the responsible-disclosure policy linked from the help center.

Still have questions?

The help center has FAQs and a direct support contact, and the status page tracks every platform incident in real time.

Visit /helpBack to docs
AgentHub

Trusted AI agents for operational workflows. Approval-gated, evidence-cited, audit-ready.

Built with care in MVS Cloud.

Product

  • Marketplace
  • Pricing
  • Dashboard
  • Changelog

Trust

  • Security
  • Privacy
  • Terms
  • AUP
  • DPA
  • Subprocessors
  • Data residency

Company

  • Help
  • Status
  • Roadmap
  • Contact
© 2026 MVS Cloud. AgentHub is operated by MVS Holdings.