Last updated April 23, 2026

Security at Tipoff

Tipoff runs AI teammates that take real action inside your stack. This page covers the infrastructure, encryption, access controls, and processes that back every run. For how an individual run is governed step by step, see Security & Governance.

Infrastructure and hosting

Tipoff runs entirely on Google Cloud Platform (GCP), so we inherit Google's underlying security posture, including:

  • SOC 1, SOC 2, and SOC 3 audit reports
  • ISO 27001, ISO 27017, and ISO 27018 certifications for information security, cloud security, and data privacy
  • FedRAMP authorization for U.S. government workloads
  • PCI DSS compliance for payment data protection

GCP data centers use multi-layered physical security (biometric access, 24/7 surveillance, on-site security, environmental controls) and redundant, high-availability infrastructure.

Data encryption

  • At rest. AES-256 via Google Cloud's default encryption, with keys managed through Google Cloud KMS.
  • In transit. TLS 1.2 or higher between browsers and our servers. Service-to-service traffic is encrypted too.
  • Credentials. OAuth access and refresh tokens are encrypted before storage. Decryption only happens inside the runtime worker that needs them.

Identity and access

  • Single sign-on (SSO). Integrate with your existing identity provider.
  • Multi-factor authentication (MFA). Required by default on paid plans.
  • Role-based access control (RBAC). Owner, admin, and member roles with tenant-scoped permissions.
  • Session management. Automatic timeouts and revocable sessions.

Governance and approvals

One RBAC model covers people and agents. Org admins set what's possible (approved connectors, enabled tools, event sources, and policies like human-approval-required or web-fetch allowlists). Within those rules, grants are made per person and per agent, scoped down to a subset of actions. Sensitive tool calls pause the run for human sign-off in the Tipoff app. Every approval decision is captured with actor, timestamp, and the full input payload the approver reviewed.

For a full walkthrough of the layered access model and the approval checkpoint flow, see Security & Governance.

Credential brokering

Tipoff holds every connector credential. Agents get a capability reference, never a raw OAuth token.

  • User-scoped OAuth. Tied to a specific profile. An agent acting as a user's Gmail uses that user's token, so audit logs in the source system reflect the real actor.
  • Org-scoped service credentials. Shared, for automation that runs without a specific human identity. Governed the same way, but attached to the org.
  • Encryption at rest. Every credential is encrypted with AES-256 before storage. Access and refresh tokens never sit in plaintext.
  • Binding modes. Admins choose per grant whether an agent uses a specific bound credential or the runner's own.

Observability and audit

  • Run traces. Every agent step records its inputs, outputs, latency, and token use in Tipoff's run history.
  • Audit log. Grants, approvals, credential usage, and administrative changes captured with actor, timestamp, and full context. Exportable.
  • Run lineage. Parent-child relationships across delegations, approvals, and workflow spawns. Cancel a root, and children stop.
  • Usage metering. Runs metered in invocations, minutes, tokens, or marked free. Sliceable by agent, workflow, or prompt.

Data isolation and privacy

  • Tenant isolation. Each org's data is logically isolated at the application and database level.
  • Model routing. You choose which provider handles your inference.
  • Minimal data access. Internal access is restricted to authorized personnel on a need-to-know basis, with all access logged and audited.

Application security

  • Secure SDLC. Security requirements are defined during design and validated through implementation.
  • Code review. Every code change requires peer review before deployment.
  • Dependency scanning. Automated tools continuously monitor for known vulnerabilities.
  • Static analysis. Automated security scanning before code reaches production.
  • Sandboxed code execution. Custom code nodes in workflows run in a hardened Deno sandbox with declared tool requirements.

Monitoring and incident response

  • Real-time monitoring. GCP Cloud Monitoring, Cloud Logging, and Tipoff's run telemetry provide continuous observability.
  • Alerting. Automated alerts for anomalies, performance degradation, and potential security events.
  • Incident response. Documented response plan with defined roles, escalation paths, and communication protocols.

Business continuity

  • Multi-region backups. Data is replicated across multiple GCP regions.
  • Disaster recovery. Regular backup testing and documented recovery procedures.

Compliance

Tipoff is built on security best practices from day one, and we're pursuing formal certifications that match customer needs. Our infrastructure runs on GCP, which maintains SOC 1/2/3, ISO 27001, and FedRAMP certifications, so your data benefits from enterprise-grade security from the start.

For details on how we collect, use, and protect your data, see our Privacy Policy.

Responsible AI

AI agents should act with authority explicitly delegated to them. Never more, never less. Our approach:

  • Transparency. Every action an agent takes is attributable and traceable.
  • Human oversight. The approval model is built into the runtime, not bolted on after.
  • Least privilege by default. Capability modes let admins lock down by default and open up deliberately.
  • Continuous improvement. We regularly review our practices as the field evolves.

Reporting a vulnerability

We value the security research community and welcome responsible disclosure. If you discover a security issue, please report it to security@tipoff.io. We ask that you give us reasonable time to investigate and address the issue before disclosing it publicly, and we will acknowledge receipt of your report within 48 hours.