Trust Center

Security & compliance at Supercenter

Supercenter is the control plane for enterprise AI agents — skills, integrations and AI coworkers that act inside your existing tools. Security is structural, not bolted on: agents get scoped, encrypted credentials resolved only at execution time; consequential actions require human approval; every tool call is audit-logged with on-behalf-of attribution; and cross-user access exists only through explicit, revocable delegation grants.

This page is generated live from our internal compliance system — the same controls, monitors and vendor register our team operates on. Request access below for the gated document set (DPA, policies, reports).

Security controls

Updated 22 hours ago
43 controls

Updated continuously from our internal compliance system. Every control listed is implemented and monitored.

access control

  • Audited support impersonation
  • Centralized SSO authentication
  • Hashed, scoped API keys
  • MFA on production-adjacent systems
  • Restricted superadmin access
  • Role-based access, least privilege
  • Tenant isolation in the control plane

ai governance

  • Agent autonomy levels & approval gates
  • Consent-gated credential delegation
  • Credentials never reach prompts
  • Isolated agent execution sandboxes
  • Per-session tool-call audit trail

availability

  • Managed, redundant serverless platform
  • Physical security inherited from cloud providers

encryption

  • Connector credentials encrypted at rest
  • Encryption key management & rotation
  • Platform secrets in managed secret store
  • Provider-managed encryption at rest
  • Secret rotation procedure
  • TLS for all data in transit

governance

  • Approved security policy stack
  • Defined security roles and owners

incident response

  • Breach notification procedure
  • Post-incident reviews

logging & monitoring

  • Application audit trails
  • Continuous compliance monitors
  • Infrastructure log retention

privacy

  • Consent for analytics/marketing tracking
  • Data subject request handling
  • DPIA screening
  • DPO requirement assessment
  • Lawful basis documented per activity
  • No unsafeguarded automated decisions
  • Privacy notice published & versioned
  • Retention schedule & deletion automation

sdlc

  • CI checks before deploy
  • Dependency vulnerability scanning
  • Environment separation
  • Peer-reviewed changes
  • Secret scanning in CI

vendor management

  • DPAs with all subprocessors
  • Vendor & subprocessor register

vulnerability management

  • Recurring internal security audits

In progress: SOC 2 Type I report (Type II to follow), external penetration test, ISO 27001 evaluation, public uptime history. Details in the FAQ.

Security contact

Vulnerability reports and security questions: security@supercenter.app. Reports are acknowledged within two business days. We do not pursue good-faith research.