Security-first by design.
Enterprise-grade security isn't an add-on — it's foundational. Every layer of Team Two is built to protect your data, meet compliance requirements, and give your security team confidence.
Compliance & certifications
Built for regulated industries.
ISO 27001 Certified
Our information security management system is ISO 27001 certified. Annual audits, documented controls, continuous risk assessment, and a dedicated security team ensure your data is protected by internationally recognized standards.
GDPR Compliant
Full compliance with the General Data Protection Regulation. We offer Data Processing Agreements (DPA), support data subject rights (access, erasure, portability), maintain lawful basis documentation, and appoint a Data Protection Officer.
EU AI Act Ready
Designed to meet the EU AI Act's requirements from day one. Transparency obligations, mandatory human oversight, risk classification documentation, and full audit trails for every AI decision. Your agents are compliant by architecture, not afterthought.
Infrastructure
Hosted in the EU. Secured at every layer.
All data is processed and stored in AWS Stockholm (eu-north-1). Nothing leaves the European Union unless you explicitly choose otherwise.
AWS Stockholm (eu-north-1)
Primary data center in Stockholm, Sweden. EU data residency guaranteed.
VPC Isolation
Dedicated Virtual Private Cloud with private subnets, network ACLs, and security groups. No public-facing database endpoints.
Encryption at Rest
All data encrypted with AES-256. Database, file storage, backups — everything at rest is encrypted using AWS KMS managed keys.
Encryption in Transit
TLS 1.3 enforced on all connections. Internal service-to-service communication encrypted. Certificate pinning for critical paths.
Automated Backups
Point-in-time recovery with automated daily backups retained for 30 days. Cross-region backup replication available for Enterprise.
DDoS Protection
AWS Shield and WAF protect all endpoints. Rate limiting, IP allowlisting, and automated threat detection at the edge.
Data protection
Your data stays yours.
Tenant Isolation
Every database query is scoped by tenant ID. Row-level security ensures no data leaks between organizations. Separate encryption keys per tenant available on Enterprise.
Credential Encryption
All third-party credentials (Slack, Jira, Notion tokens) are encrypted with AES-256-GCM before storage. Decrypted only at runtime, never logged, never cached in plaintext.
Data Residency
All data processed and stored in EU (Stockholm). No transatlantic transfers unless you opt in. BYOK customers can route LLM traffic through their own accounts for zero exposure.
Retention & Deletion
Configurable data retention policies per tenant. Full right-to-erasure support — when you delete, we delete. No data mining, no secondary use.
No Training on Your Data
Your conversations, documents, and agent interactions are never used to train any model — ours or third-party. Your data is your competitive advantage, not ours.
BYOK (Bring Your Own Keys)
Connect your own Anthropic, OpenAI, or vLLM deployment. Sensitive data stays within your infrastructure. We route traffic but never store prompts or completions.
Platform security
Defense in depth across every layer.
Authentication
JWT tokens with 7-day expiry and API keys (SHA-256 hashed, ap_ prefix). Multi-strategy auth with automatic fallback.
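How hashed API keys of this shape are commonly issued and checked, as an added example (not Team Two's code). Only the `ap_` prefix and SHA-256 come from the page; `ApiKeyStore`, its in-memory dict and the key length are assumptions.

```python
import hashlib
import secrets

PREFIX = "ap_"  # key prefix named on the page


def _digest(key):
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


class ApiKeyStore:
    """Hypothetical in-memory store mapping SHA-256 digest -> tenant id."""

    def __init__(self):
        self._by_digest = {}

    def issue(self, tenant_id):
        # 32 bytes from the CSPRNG. Unsalted SHA-256 is acceptable only
        # because the input is high-entropy random, unlike a password.
        key = PREFIX + secrets.token_urlsafe(32)
        self._by_digest[_digest(key)] = tenant_id
        return key  # returned to the caller once; the plaintext is not kept

    def authenticate(self, presented):
        """Return the tenant id for a valid key, else None."""
        if not isinstance(presented, str) or not presented.startswith(PREFIX):
            return None  # not an API key; another auth strategy may apply
        # The digest is the lookup index, so the plaintext key is never
        # compared against anything stored.
        return self._by_digest.get(_digest(presented))

    def revoke(self, presented):
        """Delete the digest; returns True if the key existed."""
        return self._by_digest.pop(_digest(presented), None) is not None

    def stored_values(self):
        """What a reader of the backing table would see: digests only."""
        return list(self._by_digest)
```
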
Role-Based Access Control
Three-tier role hierarchy (Admin > Manager > Member) with granular permissions. agents:read, knowledge:write, settings:admin — each action scoped and enforced.
Tenant Guard
Every API request validated against the authenticated user's tenant. Cross-tenant access is architecturally impossible — not just policy, but code.
Audit Logging
Every POST, PUT, PATCH, DELETE request automatically captured. User, action, resource, IP address, timestamp — stored immutably for compliance review.
Tool Policies & Sandboxing
File-based tools use workspace guards to prevent directory traversal. Tool access configurable per agent. Output redaction strips sensitive patterns before delivery.
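One way a workspace guard for file-based tools can be written, as an added example (not Team Two's code). `resolve_in_workspace`, `WorkspaceEscape` and the sample directory layout are hypothetical and constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path


class WorkspaceEscape(Exception):
    """Raised when a tool path resolves outside the agent's workspace."""


def resolve_in_workspace(workspace, user_path):
    """Return the resolved path for user_path, or raise WorkspaceEscape."""
    root = Path(workspace).resolve(strict=True)
    # resolve() collapses ".." and follows symlinks. An absolute user_path
    # replaces root in the join, so the check must run on the result.
    candidate = (root / user_path).resolve()
    # Compare path components, not string prefixes: "/w/ws-evil" starts
    # with "/w/ws" as a string but is not inside it.
    if candidate != root and root not in candidate.parents:
        raise WorkspaceEscape(f"{user_path!r} resolves outside the workspace")
    return candidate


def run_cases():
    """Build a constructed workspace and classify sample tool arguments."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp) / "ws"
        (ws / "notes").mkdir(parents=True)
        (ws / "notes" / "a.txt").write_text("inside")
        outside = Path(tmp) / "secret.txt"
        outside.write_text("outside")
        os.symlink(outside, ws / "link")  # symlink that points out of ws
        cases = {
            "relative": "notes/a.txt",
            "dotdot_inside": "notes/../notes/a.txt",
            "dotdot_escape": "../secret.txt",
            "absolute": str(outside),
            "symlink": "link",
            "sibling_prefix": "../ws-evil/x",
        }
        for label, arg in cases.items():
            try:
                resolve_in_workspace(ws, arg)
                results[label] = "allowed"
            except WorkspaceEscape:
                results[label] = "blocked"
    return results
```

The tool should open the path this function returns rather than the original argument; a check followed by a separate open on the raw string leaves a window in which the target can change.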
Session Isolation
Deterministic session keys (tenantId:agentId:channel:userId) ensure conversation isolation. No session can access another tenant's context.
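A colon-joined key only isolates sessions if no component can itself contain a colon. The added example below (not Team Two's code) shows two different tuples producing the same naive key and a builder that rejects such input; the allowed ID alphabet and all function names are assumptions.

```python
import re

FIELDS = ("tenantId", "agentId", "channel", "userId")  # order from the page
# Assumed ID alphabet for this sketch: no ':' and bounded length.
SAFE_COMPONENT = re.compile(r"[A-Za-z0-9_.@-]{1,128}")


def naive_key(tenant_id, agent_id, channel, user_id):
    """Plain join with no validation, kept only to show the collision."""
    return ":".join([tenant_id, agent_id, channel, user_id])


def session_key(tenant_id, agent_id, channel, user_id):
    """Build tenantId:agentId:channel:userId, rejecting ambiguous parts."""
    parts = (tenant_id, agent_id, channel, user_id)
    for name, value in zip(FIELDS, parts):
        if not isinstance(value, str) or not SAFE_COMPONENT.fullmatch(value):
            raise ValueError(f"{name} is not valid in a session key")
    return ":".join(parts)


def parse_session_key(key):
    """Split a key back into its four named fields; the inverse of session_key."""
    parts = key.split(":")
    if len(parts) != len(FIELDS):
        raise ValueError("session key must have exactly four components")
    for name, value in zip(FIELDS, parts):
        if not SAFE_COMPONENT.fullmatch(value):
            raise ValueError(f"{name} is not valid in a session key")
    return dict(zip(FIELDS, parts))


def collision_demo():
    """Constructed inputs: two distinct (channel, userId) pairs, one key."""
    a = naive_key("t1", "a1", "web", "x:alice")
    b = naive_key("t1", "a1", "web:x", "alice")
    return a == b
```
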
LLM & AI safety
AI you can trust and verify.
Human-in-the-Loop
Approval gates let agents pause and ask for human judgment before executing sensitive actions. Consult mode, clarifying questions, and escalation paths are built in.
Agent Boundaries
Each agent has a defined persona, tool set, and knowledge scope. Agents cannot exceed their boundaries — they only access what you explicitly grant.
Prompt Injection Mitigation
System prompts are isolated from user input. Input sanitization, output validation, and boundary enforcement reduce prompt injection surface area.
Configurable Tool Access
Per-agent tool policies control which tools are available. Master agents get spawn tools; sub-agents don't — preventing recursive agent chains.
Provider Flexibility
Route sensitive workloads through local vLLM (data never leaves your network) or cloud providers with gateway policies. Automatic fallback ensures availability.
Full Observability
Real-time streaming shows every stage: routing, thinking, tool calls, sub-agent progress. Every token tracked, every decision auditable. No black boxes.
Operational security
How we run the ship.
SOC 2 Type II
Currently in progress. Our controls for security, availability, and confidentiality are being formally audited. Expected completion Q3 2026.
Penetration Testing
Annual third-party penetration tests by accredited firms. Findings remediated within SLA timelines. Reports available to Enterprise customers under NDA.
Incident Response
Documented incident response plan with defined severity levels, escalation paths, and communication protocols. 24-hour notification commitment for security events.
Vulnerability Management
Continuous dependency scanning, automated CVE monitoring, and a patch management policy. Critical vulnerabilities addressed within 24 hours.
Employee Security
Background checks, security awareness training, least-privilege access, and mandatory 2FA for all employees. Access to production systems restricted and audited.
Responsible Disclosure
We welcome security researchers. Report vulnerabilities to security@tt2.ai. We respond within 48 hours and recognize valid findings.
Questions about security?
Our security team is here to help. Request our security whitepaper, review our DPA, or schedule a security deep-dive.