Identity & access
SAML SSO with your IdP. SCIM for provisioning. Role-based permissions per agent. Audit trail of every login, every config change, every prompt edit.
Data residency & retention
Per-tenant data isolation. Configurable retention windows. Right-to-delete that actually deletes (including from vector stores and TTS caches).
Model routing & cost controls
Per-agent model selection, with budget caps that can refuse a call rather than overspend. Audit log of which model handled which request.
Audit logs
Tamper-evident, exportable, and queryable. Every agent action, every tool call, every credential use, with timestamps and operator identity.
Vendor risk
Subprocessor list, breach notification SLAs, DPA on file, GDPR/CCPA posture, SOC 2 status with current letter. Penetration test results available under NDA.
Incident response
On-call rotation, status page, postmortem SLA. Severity-1 response time written into the contract.