Security & Trust

Secure by architecture.

Cohesor sits on the critical path between your agents and the models — so security isn't a feature bolted on later, it's how the system is built.

Encrypted at rest

Provider credentials are Fernet-encrypted at rest and never returned to the browser — not even to you, once stored.

Hashed gateway keys

Gateway keys are shown once and stored only as a SHA-256 hash. We resolve requests by hash — the plaintext key never touches our database.

Client-side OAuth

MCP tool tokens stay encrypted on the client. Cohesor brokers the call without persisting your Slack, GitHub or Google credentials.

Tenant isolation

Every organization is a cleanly isolated tenant. Keys, usage, tools and billing never cross the boundary between workspaces.

Full audit trail

Every model call and tool invocation is logged per tenant with status and metadata — so you always know what ran and why.

Least-privilege by default

Keys are scoped and revocable, budgets are enforced on the hot path, and access follows role boundaries across the org.

Compliance

On the path to SOC 2.

We're actively pursuing SOC 2 Type II and building our security program to enterprise standards from day one. Need our current documentation, a DPA, or to run a vendor review?

Request security docs

SOC 2 Type II

In progress

Data Processing Agreement

Available on request

Vendor security reviews

Enterprise plans

How we handle your data

Requests flow through Cohesor only to be compressed, routed and metered before being forwarded to the model provider. We record usage metadata — token counts, model served, cost and savings — to power your dashboard and billing. We do not sell your data, and we do not use your prompts to train models.

Subprocessors

  • Model providers — the upstream LLM providers that serve your selected models.
  • Cloud infrastructure — our hosting and managed database provider.
  • Authentication — our identity provider for dashboard sign-in.

A current, detailed subprocessor list is available to customers on request. Questions? Reach us at hello@cohesor.com.

Run a security review with us.

We're happy to walk your team through our architecture and controls.