Security

Zero data plane by design.

AgentGuard Spend runs in process. Prompts, completions, API keys, policies, and signing keys stay in the customer runtime. The public verifier checks receipts without becoming part of the data path.

Receipt verification

Every governed decision can be checked with Ed25519 signature verification and hash-chain validation. See the product boundary in the legal FAQ.

Infrastructure notes

Hosted endpoints are used for account, license, and optional telemetry workflows. AI calls and policy enforcement remain customer to provider.