Trust and security

How we secure AEGIS and partner deployments.

FrameBright operates classification infrastructure for partners with low tolerance for downtime, leakage, or misclassification. Our security posture is designed for that audience.

Deployment posture

AEGIS is licensed as an embeddable component, not a hosted multi-tenant SaaS. The default deployment posture is partner-operated: the partner runs AEGIS inside their own infrastructure (CPE, device firmware, network appliance, or VPC) and FrameBright never sees partner traffic. This is a materially different security model from a SaaS moderation API where customer content traverses a vendor's perimeter.

For partners who choose the managed API path, we operate AEGIS in our own GCP project (project ID relayone-488319, us-central1). All traffic in transit is protected with TLS 1.3, all storage at rest is encrypted using customer-managed keys where the partner provides them, and tenant isolation is enforced by the RelayOne governance plane (tenant boundaries, audit evidence, sovereignty constraints).

Authentication and access

Partner administrative access to FrameBright is gated by Clerk-issued sessions backed by enforced multi-factor authentication. Production secrets live in GCP Secret Manager and are never embedded in source. CI builds pull configuration via short-lived workload-identity tokens; long-lived credentials are not used for production deploys.

The classification engine itself does not require authentication on the data path: AEGIS classifies content the partner provides without holding any partner credentials in memory. Authentication, where it is required, is for control-plane operations (license activation, configuration changes, audit retrieval), not for content classification.

Data handling

For partner-operated deployments, FrameBright does not receive content. Content classified by AEGIS at the CPE, device, router, or partner VPC stays inside the partner's perimeter. AEGIS emits structured verdicts (label, confidence, evidence trace, signed receipt) that the partner can store, audit, and forward according to their own data-handling policy.

For the managed API path, partner content is processed in-memory only. Classified content is not retained beyond the request lifetime unless the partner explicitly enables verdict-replay storage for audit. Verdict-replay storage, when enabled, is encrypted at rest with customer-managed keys and respects partner-defined retention windows.

Vulnerability disclosure

If you believe you have found a security vulnerability in AEGIS, FrameBright.ai, or any FrameBright-operated infrastructure, please report it to [email protected]. We acknowledge reports within two business days and aim to resolve confirmed issues within thirty days. We do not currently operate a public bug bounty; partner-channel bug bounties are negotiated at the licensing level.

Responsible disclosure: please do not publish or share vulnerability details before we have had a reasonable opportunity to remediate. We will credit reporters in our changelog at /changelog/ with their consent.

Compliance and audit

Partners deploying AEGIS under regulated postures (telecom, financial services, healthcare, public sector, sovereign-Canadian) use the connected RelayOne governance plane as the audit and compliance surface. Per-classification signed receipts, tenant-scoped audit logs, and sovereignty-bounded deployment options are available via the RelayOne integration. Compliance documentation (SOC 2 mapping, GDPR posture, regional data residency) is available under NDA for active licensing conversations.