
// trust center

Security posture, in plain text.

Magistry writes directly to your live systems. We treat that as a responsibility, not a feature. Everything we do to keep your data and your store safe is documented here, in language you can forward to a security team without an interpreter.

SOC 2 Type II · Active | GDPR · Compliant | ISO 27001 · Stage 2 Q4 2026

// compliance

Frameworks we audit against.

Active certifications and credible in-progress ones. We will never list a framework on a slide before we list it here.

SOC 2 Type II

Active

Annual Type II report covering security, availability, and confidentiality. Audited by a Big-Four-affiliated CPA firm. Latest report available under NDA.

// last audited · March 2026


GDPR

Compliant

Data Processing Addendum available for every paying tenant. EU-only data residency option for Supabase + Vercel + Railway. DPO contactable at dpo@magistry.io.

// last audited · January 2026


ISO 27001

In progress

Stage 1 readiness review complete in February. Stage 2 certification audit scheduled for the fourth quarter of 2026. Roadmap available to enterprise prospects.

// last audited · Stage 2 audit Q4 2026


PCI-DSS

Scope-limited

Magistry does not store, process, or transmit cardholder data. All card flows are handled by Stripe; we hold a SAQ-A. Attestation of compliance available on request.

// last audited · February 2026


// data handling

Where your data lives and how we protect it.

EU-first by default. Supabase Postgres in Frankfurt, Railway in EU-West, Vercel edge globally. Customer-record copies never leave the residency you select.

Encrypted at rest, encrypted in transit

AES-256 at rest on all primary and replica databases. TLS 1.3 in transit, including service-to-service inside our VPC. Backups encrypted with separate keys.

Vault-encrypted secrets

Per-tenant API credentials live in Supabase Vault, encrypted with envelope encryption. Decryption keys rotate quarterly and never leave the worker VPC.

Never trained on customer data

Zero data retention is enabled on every upstream model provider. Your store data, your CS replies, and your brand-voice embeddings are never used to train third-party models.

Append-only audit log

The decision_log is structurally append-only with row-level checksums. We can re-derive every state change Magistry has ever made on your behalf for the lifetime of the contract.
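What a row-level checksum check over an exported append-only log can look like, as an added example that is not Magistry's code. The column names (`seq`, `tenant_id`, `action`, `payload`, `checksum`), the SHA-256-over-canonical-JSON scheme and the sample rows are all assumptions constructed for illustration.

```python
import hashlib
import json

CHECKED_FIELDS = ("seq", "tenant_id", "action", "payload")  # assumed columns


def row_checksum(row):
    """SHA-256 over a canonical JSON encoding of the checked fields (assumed scheme)."""
    canonical = json.dumps({k: row[k] for k in CHECKED_FIELDS},
                           sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def verify_log(rows):
    """Return (seq, problem) findings for an exported log, in row order."""
    findings, expected_seq = [], None
    for row in rows:
        # An edited row no longer matches its stored checksum.
        if row_checksum(row) != row["checksum"]:
            findings.append((row["seq"], "checksum mismatch"))
        # A deleted or reordered row breaks the sequence; a per-row
        # checksum alone cannot see that.
        if expected_seq is not None and row["seq"] != expected_seq:
            findings.append((row["seq"], "sequence gap"))
        expected_seq = row["seq"] + 1
    return findings


def make_row(seq, action, payload, tenant_id="tenant-a"):
    """Build one constructed sample row carrying a valid checksum."""
    row = {"seq": seq, "tenant_id": tenant_id, "action": action, "payload": payload}
    row["checksum"] = row_checksum(row)
    return row


def sample_log():
    """Constructed sample rows, not real decision_log data."""
    return [
        make_row(1, "price.update", {"sku": "SKU-1", "price_cents": 1999}),
        make_row(2, "ad_set.pause", {"ad_set": "AS-7"}),
        make_row(3, "price.update", {"sku": "SKU-1", "price_cents": 1899}),
    ]


if __name__ == "__main__":
    log = sample_log()
    log[1]["payload"]["ad_set"] = "AS-9"  # simulate an after-the-fact edit
    print(verify_log(log))
```

An unkeyed checksum like this one detects edits only by someone who cannot also rewrite the checksum column; a keyed MAC or a hash chain is the usual hardening when that cannot be assumed.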

// access controls

Who can see what, and how we enforce it.

Role-based, single-sign-on capable, isolated per tenant, and serialised at the row level. The same access model the agent sits inside.
RBAC + SSO + Per-tenant

RBAC across every surface

Owner, Operator, Reviewer, Read-only. Roles are enforced at the database row level, not just the UI. Every Magistry surface respects them, including the public API.

SSO + SCIM

SAML SSO via Okta, Azure AD, and Google Workspace. SCIM provisioning on enterprise plans, so deprovisioning a user in your IdP deprovisions them in Magistry inside one minute.

Per-tenant isolation

Hard tenant boundaries at the schema level, with Postgres row-level security on every table that holds customer data. No shared caches between tenants, no shared queues.

Advisory locks

Concurrent writes against the same resource are serialised through Postgres advisory locks. Two agents will never race on a single SKU, a single ad set, or a single CS thread.

// sub-processors

Everyone we share data with.

The full list. We commit to thirty days' written notice before adding a sub-processor to it. Subscribe to changes by emailing security@magistry.io.
  • Vercel: Edge hosting + marketing site delivery. Global edge · EU primary. DPA
  • Railway: FastAPI worker + scheduled job runtime. EU-West. DPA
  • Supabase: Postgres + pgvector + Vault for secrets. EU-Central (Frankfurt). DPA
  • OpenAI: Language model inference (judge + drafts). US · Zero data retention enabled. DPA
  • Anthropic: Language model inference (planner + reasoning). US · Zero data retention enabled. DPA
  • AWS: S3 object storage for assets + audit exports. eu-west-1 (Dublin). DPA
  • Stripe: Subscription billing + invoicing. Global · EU billing entity. DPA
  • Cloudflare: CDN, WAF, bot management, DNS. Global edge. DPA
  • Sentry: Application error monitoring. EU instance (Frankfurt). DPA
  • Twilio: Outbound SMS for kill-switch alerts. Global · EU number pool. DPA

// incident response

What happens when something breaks.

Magistry runs a 24/7 on-call rotation across two time zones. Any user-visible incident is reported on status.magistry.io inside fifteen minutes of detection, with a public root-cause analysis posted within five business days of resolution.

For data incidents, affected tenants receive a written notice inside twenty-four hours of confirmation — well ahead of the seventy-two-hour GDPR window. Notice includes scope, timeline, remediation, and the rows touched in the decision log.

The kill switch is default-on. Any operator can pause every autonomous write across their tenant from one button, and the switch state is itself logged.

Report an incident

Suspect a vulnerability or saw a write you cannot explain? Email us — we run a responsible-disclosure program with monetary rewards for confirmed reports.

PGP fingerprint: 7F4C 8E11 9A2B 03D5 6677
Response SLA: 24 hours

// contact

Talk to our security team.

Send the questionnaire, ask for the report, or schedule a call with the engineer who owns the gate. We reply inside one business day.

dpo@magistry.io · DPO requests · 24-hour acknowledgement