Security at Quint
Quint is built on a zero-trust architecture where agent traffic stays local and only metadata reaches the cloud. Here's how we protect your data.
Agent traffic stays local
Quint intercepts and analyzes agent traffic entirely on your machine. Raw tool calls, file contents, and conversation data never leave the endpoint. Only structured metadata (action type, risk score, timestamps) reaches the cloud.
End-to-end encryption
All cloud-bound metadata is encrypted in transit with TLS 1.3. Audit logs are signed with Ed25519 keys generated locally on each machine, ensuring tamper-proof integrity that we cannot alter.
Tamper-proof audit trail
Every audit entry is Ed25519-signed and linked in a SHA-256 hash chain. Any modification to the chain is cryptographically detectable. Proof bundles can be exported for external auditors.
Infrastructure security
Cloud infrastructure runs on AWS with managed PostgreSQL (RDS) inside a private VPC. All databases are encrypted at rest. Access requires deploy-token authentication with row-level security. No shared tenancy — each organization's data is logically isolated.
Minimal data collection
We collect only what's necessary: action metadata, risk scores, agent identifiers, and timestamps. We do not store source code, file contents, conversation histories, or API keys intercepted by the proxy.
Compliance commitments
SOC 2 Type II and GDPR compliance programs are in progress. Quint's compliance engine evaluates agent actions against 16 regulatory frameworks including EU AI Act, HIPAA, NIST AI RMF, and ISO 42001.
Reporting a vulnerability
If you discover a security vulnerability, please report it to security@quintai.dev. We take all reports seriously and will respond within 48 hours.