vesxo
Trust & Safety

Security & Compliance

Last updated: May 20, 2026. Learn how we enforce strict cryptographic protocols to safeguard your API keys.

Isolated Gateway

Every API call runs in a stateless, sandboxed environment that terminates immediately upon execution.

Enveloped Secrets

Your credentials are double-encrypted at rest and decrypted only in ephemeral memory on demand.

Strict Privacy

We enforce zero retention for the payloads passing through our secure Cloudflare Worker edge nodes.

1. AES-256-GCM Cryptography

All sensitive parameters, credentials, API keys, and access tokens registered under Vesxo are immediately encrypted with **AES-256-GCM** (Galois/Counter Mode).

The encryption process is handled before persisting any data to our cloud database. The keys are encrypted using an envelope encryption model with our Master Cryptographic Key. At no point are your credentials stored, displayed, or written to server logs in plaintext.

2. Stateless Edge Architecture

Our routing and execution engine is built on **Cloudflare Workers**, a global serverless network designed for low-latency and high-security isolation.

  • No Disk Storage: Workers run strictly in volatile memory. There are no disks or persistent volumes attached to the gateway executors.
  • Short-lived Lifecycles: Executions survive only for the millisecond duration of your API request, after which the V8 runtime sandbox is immediately destroyed.
  • TLS 1.3 Enforcement: We enforce TLS 1.3 on all transport layers, preventing man-in-the-middle or downgrade attacks.

3. Real-Time Anomaly Scanner

Vesxo features a native safety layer integrating **Upstash Redis** rate limiters and active request pattern validation.

Every incoming call is analyzed in real-time. If our gateway detects multiple rapid failures, suspicious injection payloads, or unexpected administrative requests, the client token is temporarily rate-limited or quarantined, triggering a security alert to protect your connected integrations.

4. Infrastructure Security

Vesxo partners with global, SOC 2 compliant cloud providers:

  • Authentication & Profiles: Handled by Supabase, adhering strictly to multi-tenant row-level security (RLS) policies.
  • Databases: Hosted securely behind strict virtual private networks (VPCs) with regular automated backups and continuous vulnerability scanning.
  • Billing Security: Administered exclusively by Paddle. We do not store or process your credit card, bank, or billing credentials on our servers.

5. Reporting Vulnerabilities

We appreciate responsible disclosure. If you believe you have discovered a security vulnerability or weakness in our gateway platform, please contact our security team immediately at:

Email: security@agentora.io
We prioritize responses to security concerns and will investigate reports within 24 hours.