EVEDY

Built For Scrutiny. Designed For Trust.

Exclusive architecture delivering proven auditability, instant governance, and enterprise-grade security controls.

Why Governance Matters Now

Enterprise AI usage has moved from experimentation to production faster than governance frameworks could adapt. Shadow AI, uncontrolled agent execution, and regulatory gaps are now board-level risks. FINMA, the EU AI Act, and sector-specific mandates are raising the bar for accountability. EVEDY exists because governance can no longer be an afterthought — it must be infrastructure.

Security Architecture Deep-Dive

All data in transit is protected with TLS 1.3. Data at rest uses AES-256 encryption with automatic key rotation every 90 days. Customer-managed keys (BYOK) are supported for customer-cloud and air-gapped deployments, enabling full cryptographic control without platform dependency.

Security Controls

Category | Control | Status
Encryption | TLS 1.3 in transit | Implemented
Encryption | AES-256 at rest with 90-day key rotation | Implemented
Access Control | IAM-Synchronized RBAC | Implemented
Access Control | MFA enforcement for all admin access | Implemented
Network Security | Zero-trust network architecture | Implemented
Application Security | SAST/DAST in CI/CD pipeline | Implemented
Monitoring | Real-time threat detection and alerting | Implemented
Compliance | SOC 2 Type II audit engagement | In Progress

IAM Architecture

Identity Federation

Native SAML 2.0 and OpenID Connect integration. Enterprise identity providers are the single source of truth for authentication — no separate credentials required.

Role Inheritance & Mapping

Enterprise directory roles map directly to platform permissions. Changes in your IdP propagate automatically — no manual re-provisioning.

Pre-Execution Permission Evaluation

Every agent action is evaluated against the caller's effective permissions before execution begins. Unauthorized requests are blocked, logged, and surfaced in audit trails.

Session & Token Management

Short-lived tokens with configurable expiry. Session binding prevents token replay across contexts. Revocation propagates within seconds across all platform services.

Shared Responsibility Model

Customer Responsibilities

IAM configuration, access policy definitions, data classification, and user provisioning within your environment.

EVEDY Responsibilities

Platform security, encryption management, audit infrastructure, availability SLAs, and vulnerability management.

Shared Controls

Policy enforcement, compliance monitoring, incident response coordination, and security review processes.

Responsibility Matrix by Deployment Model

Area | EVEDY Responsibility | Customer Responsibility
Infrastructure Hosting | EVEDY manages (SaaS); customer manages (Customer Cloud) | N/A (SaaS); full ownership (Customer Cloud)
Encryption Key Management | Platform KMS with automatic rotation (SaaS) | BYOK supported (Customer Cloud / Air-Gapped)
Network Security | Zero-trust perimeter, DDoS protection (SaaS) | Customer-defined network policies (Customer Cloud)
IAM & Identity | Federation endpoints, session management | IdP configuration, role definitions, user lifecycle
Patch Management | Automatic platform patching (SaaS) | Customer-managed patching cadence (Customer Cloud)
Audit Log Storage | Managed retention up to 7 years (SaaS) | Customer-managed storage and retention (Customer Cloud)
Incident Response | Platform-level detection, triage, and notification | Customer-side investigation and environment-level response

Data Flow & Transparency

All user requests enter through TLS-terminated API gateways. The control plane evaluates identity, policy, and context before routing to the execution layer. Agent outputs pass through policy validation before delivery. No customer data is persisted beyond the configured retention window.

Deployment Models & Security Comparison

EVEDY SaaS (Recommended)

Fully managed, fastest time to value.

  • Managed infrastructure and operations
  • Automatic KMS key rotation
  • SOC 2 aligned environment
  • 99.9%+ SLA-backed availability
  • Automatic platform updates
  • SIEM log export (JSON/CEF)

Customer Cloud

Deploy in your AWS, Azure, or GCP.

  • Full data sovereignty
  • BYOK encryption support
  • Custom network policies
  • On-premise IAM and SIEM integration
  • Customer-managed patching cadence
  • Dedicated tenant isolation

Air-Gapped

Zero external dependencies.

  • No outbound network connectivity
  • Offline licensing and activation
  • Manual updates with integrity verification
  • HSM integration support
  • Compatible with classified environments
  • Full customer operational control

Resilience & Performance

0+ regions: Active-active deployment
0h: Recovery Point Objective
0h: Recovery Time Objective
0.0%: Trailing availability

Standard

99.9% uptime SLA
Response: < 4 hours

Enterprise

99.95% uptime SLA
Response: < 1 hour

Dedicated

99.99% uptime SLA
Response: < 15 minutes

Compliance & Certification Roadmap

SOC 2 Type II

In Progress
Target: September 2025

Audit engagement active. Type I attestation targeted Q3 2025, Type II observation period begins immediately after.

ISO 27001

Planned
Target: December 2025

Gap assessment complete. Certification body selected. ISMS documentation in progress. Annual surveillance audits planned.

FINMA Guidelines

In Progress
Target: September 2025

Swiss financial regulatory alignment. Customer audit support available for FINMA-regulated institutions.

GDPR Alignment

Achieved
Target: December 2024

Data processing agreements in place. DPIA completed. Subprocessor management operational. Deletion and portability workflows documented.

Incident Response Lifecycle

1. Detection (< 15 minutes)

Automated monitoring triggers alert on anomaly detection across infrastructure, application, and security layers.

2. Triage (< 1 hour)

On-call security engineer assesses severity, assigns incident commander, and initiates communication protocol.

3. Containment (< 4 hours)

Affected systems are isolated. Threat vector is neutralized. Customer notification issued for severity 1 and 2 incidents.

4. Resolution (< 24 hours)

Root cause identified and remediated. Systems restored to full operation. Patch deployed if applicable.

5. Post-Incident Review (< 5 business days)

Blameless post-mortem published internally. Customer-facing summary provided for impacted accounts. Preventive controls updated.

Security Contact & Responsible Disclosure

Security Contact
Reach our security team at security@evedy.com. We respond to all inquiries within 1 business day.
Responsible Disclosure
We welcome vulnerability reports from security researchers. We commit to no legal action for good-faith research and acknowledge reports within 48 hours.
Reporting SLA
Critical vulnerabilities: 72-hour remediation. High severity: 7 days. Medium severity: 30 days. All reporters receive status updates throughout the process.
Encrypted Communication
PGP-encrypted communication is available for sensitive security reports. Public key published at evedy.com/pgp.

For Security Leaders

Request our Architecture Security Brief covering encryption architecture, IAM integration patterns, threat model, and compliance posture.

Need a Security Deep-Dive?

Schedule a review with our security engineering team to discuss architecture, controls, and compliance posture in detail.