Trust · Security

How we keep your data — and your agents — safe.

Spawn agents touch real work: email, code, customer records, money. Here's exactly how we protect it.

Effective: Feb 26, 2026
Entity: Spawn Labs, Inc.

01

Encrypted end-to-end.

TLS 1.3 in transit. AES-256 at rest. Fernet-encrypted secret vault. Keys rotate automatically.

02

Sandboxed by default.

Every agent runs in an isolated Modal / Daytona / E2B sandbox — no shared filesystem, no network egress you didn't grant.

03

Your data, your boundary.

Prompts and outputs are never used to train foundation models. Integration scopes are least-privilege and revocable in one click.

04

Audited & monitored.

Every auth event, API call, and agent action is logged. Continuous monitoring and regular penetration testing.

01

Our Security Posture

Spawn runs agents that touch your email, your code, your customer data, and your company's bank accounts. We treat security like the product feature it is — not a compliance checkbox.

This page describes how we protect that trust: the controls we've built, the third parties we rely on, and the ways we get caught early when something goes wrong. It's written plainly. The formal compliance docs are available on request at security@spawnlabs.ai.

02

Authentication & Access

  • Login: Google OAuth and email/password. Passwords are hashed with argon2id. We never store plaintext credentials.
  • Session tokens: Short-lived JWTs (15 min access / 30 day refresh), HTTP-only secure cookies, CSRF-protected on state-changing routes.
  • SSO & SAML: Available on enterprise plans. Supports Okta, Google Workspace, Azure AD. SCIM provisioning on request.
  • MFA: TOTP authenticator-app MFA available to all users; required for enterprise tenants.
  • Internal access: Employee access to production is least-privilege, reviewed quarterly, and gated behind SSO + MFA. All access is logged.

03

Encryption

  • In transit — TLS 1.3 on every endpoint; HSTS preload; modern cipher suites only
  • At rest — AES-256 for databases, object storage, and backups
  • Secrets — Fernet-encrypted secret vault with per-tenant keys, stored separately from application data
  • Key management — Google Cloud KMS; keys rotate on a 90-day schedule
  • OAuth tokens — Nango stores third-party tokens encrypted with AES-256-GCM; decrypted only at request time

04

Infrastructure

  • Application hosting: Google Cloud (us-east1). Auto-scaling, health-checked containers behind a Caddy reverse proxy with automatic TLS.
  • Primary database: Neon Postgres with point-in-time recovery, read replicas, and daily encrypted backups retained 30 days.
  • Object storage: Google Cloud Storage, private buckets, signed URLs only.
  • CDN & edge: Cloudflare with WAF, DDoS protection, bot management, and rate limiting at the edge.
  • Cache & queues: Upstash Redis (TLS only). Short TTLs on user-scoped data.

05

Agent Sandbox Isolation

Every agent session runs in an ephemeral, isolated compute sandbox. No shared state between users, no persistence between runs unless you explicitly save artifacts to your workspace.

  • Execution providers — Modal, Daytona, and E2B (per-tenant routing)
  • Network egress — disabled by default; enabled only for connected integrations you authorized
  • Filesystem — per-session tmpfs; destroyed on session end
  • Resource limits — CPU, memory, wall-clock, and credit caps enforced per session
  • No raw shell to other tenants, hypervisor, or host — confirmed by continuous sandbox-escape testing

06

AI Model Boundary

  • No model training on your data. Prompts and outputs are never used to train Spawn models or shared with model providers for training.
  • Zero-retention where available. We enable zero-retention endpoints with Anthropic, OpenAI, and Google when supported by your plan.
  • Pinned versions. Model versions are pinned per-tenant; upgrades go through staged rollout and eval gates.
  • Provider isolation. You choose which model providers your agent can call; we never silently fail over to a disallowed provider.

07

Integrations & Third-Party Access

When you connect Gmail, Slack, GitHub, Stripe, or any other integration, Spawn uses Nango (self-hosted on our infrastructure) to broker the OAuth flow.

  • Tokens are encrypted at rest with per-tenant keys
  • We request the minimum scopes needed for the integration to function
  • You can revoke any connection in one click — revocation is propagated to the provider within seconds
  • Connection audit log shows every time a token is used and by which agent run

08

Monitoring, Logging & Audit

  • Every auth event (login, logout, token refresh, failed attempts) is logged
  • Every API call is traced with PostHog and OpenTelemetry
  • Every agent action (tool invocation, integration call, artifact produced) is recorded in an immutable audit log
  • Anomaly detection on failed auth, unusual integration usage, and credit burn rate
  • Uptime and performance metrics exposed at status.spawnlabs.ai

09

Vulnerability Disclosure

We welcome reports from security researchers. If you believe you've found a vulnerability, please email security@spawnlabs.ai with steps to reproduce.

  • Safe harbor — we will not pursue legal action for good-faith research that follows this policy
  • Acknowledgement — we respond within 48 hours and keep you updated through remediation
  • Rewards — critical findings are eligible for a cash bounty; public hall-of-fame available on request
  • Out of scope — denial of service, social engineering, physical attacks, or any testing that degrades the Service for other users

10

Incident Response

If a security incident occurs, our policy is transparency.

  • On-call engineer paged within 5 minutes of detection
  • Customers impacted are notified within 24 hours — sooner if the incident is active
  • Public post-mortem published within 14 days for material incidents
  • Status page updates in real time at status.spawnlabs.ai

11

Contact

  • Security questions: security@spawnlabs.ai
  • Vulnerability reports: security@spawnlabs.ai (PGP key on request)
  • Privacy requests: privacy@spawnlabs.ai

Questions?

Reach out at security@spawnlabs.ai.