Security at Genera
Last updated: April 2026
Your data, your customers' data, and the AI agents acting on both — we secure all three.
Encryption
TLS 1.3 in transit. AES-256 at rest. Customer-managed keys available for enterprise plans. Per-tenant data isolation enforced at the storage layer.
Identity and access
SSO via OIDC and SAML 2.0. Required MFA for admins. Granular role-based access control across the seven services with audit logging on every privileged action.
AI data handling
Prompts and referenced content are sent to multi-model AI providers (Anthropic, OpenAI, Google) under zero-retention agreements where offered. AI output is logged for audit but never used to train third-party foundation models.
Infrastructure
Multi-region cloud deployment with automatic failover. Daily encrypted backups with point-in-time recovery for the last 30 days. 99.99% uptime target on Connections; 99.9% across the rest of the platform.
Vulnerability management
Autonomous dependency scanning, weekly penetration tests against the public surface, quarterly third-party audits. Coordinated disclosure via security@genera.sh — bug bounty program available.
Compliance
SOC 2 Type II in scope for 2026. GDPR-aligned with EU data residency on request. HIPAA-ready architecture for healthcare-tier deployments.
Incident response
Pages on-call within 5 minutes of detection. Customer notifications within 24 hours of confirmed breach. Quarterly tabletop exercises against simulated incidents.
Reporting issues
Found something? Email security@genera.sh — PGP key on the contact page.