✨ New Wonderful Agent expands across Europe — meet the new regional team. See the announcement →
Aria — Sales Atlas — Finance Sage — Support Theo — People Ops Integrations Security Pricing Customers Blog Start free trial
Security

Trust, by design.

Your data is yours. Your agents are scoped. Every action is logged. We've built Wonderful Agent the way enterprise security teams told us they wished software was built.

Talk to security See certifications
Foundations

Four pillars hold up everything we ship

🛡

Encrypted everywhere

AES-256 at rest, TLS 1.3 in transit. Keys are rotated automatically and customer-managed key (BYOK) is available on enterprise plans.

🔐

Identity that respects yours

SSO via SAML and OIDC. SCIM provisioning syncs roles in real time. Granular permissions per workspace, per agent, per integration.

🌐

Deploy where you trust

SaaS managed by default, or self-host in your own AWS, GCP, or Azure tenant. Private link, VPC peering, and air-gapped deployments supported.

📜

Audit by design

Every read, every write, every reasoning step is logged with full lineage. Replay any action, explain any outcome, pass any audit.

How agents protect your data

The guardrails baked into every Wonderful Agent

Grounded by default

Agents must cite a real source from your data to make a claim. If they can't ground it, they won't say it. You can see every citation in the audit log and replay the reasoning end-to-end.

Scoped tool access

Each agent gets only the minimum permissions needed for its workflow. Want Atlas to read invoices but not transfer money? That's a checkbox, not a six-week ticket.

No training on your data

Your data is processed ephemerally to do the work and then released. We never train shared models on your information. Full DPA available, GDPR-aligned by default.

Human-in-the-loop policies

Define which actions require human approval — payments above a threshold, customer messages with refunds attached, hire offers in certain regions. Your agent waits and asks.

Certifications

Independently audited, continuously verified

We participate in independent audits and maintain the certifications enterprise security teams expect.

SOC 2 Type II

Annually audited against the AICPA Trust Services Criteria. Report available under NDA.

ISO 27001

Information security management certified to the international standard.

GDPR & UK DPA

Aligned with European privacy regulations. EU data residency available.

HIPAA

BAAs available for customers in healthcare and life sciences.

Bug bounty

We pay people who help us get better

Found a vulnerability? Tell us. We run a public bug bounty program through HackerOne and respond within one business day.

Read our security disclosure policy →
Get started

Make your next hire a wonderful one.

Connect your tools, brief your first agent, and ship work today. Free for 14 days, no card needed.

Start free trial Book a walkthrough