Trust & security
Wagvio (a product of AgenTeam5) is built security-first. This page is an honest, plain-language summary of how we protect your data and the controls we operate. We tell you what we do, not what sounds good.
Our posture, stated honestly
We have implemented our systems to align with the SOC 2 Trust Services Criteria and the HIPAA Security Rule technical, administrative, and physical safeguards. We are not claiming a completed independent SOC 2 audit report or a certification — when one is completed, this page will say so and the report will be available under NDA. We will never display a badge we haven't earned.
Encryption
All traffic is encrypted in transit with TLS (HTTPS is enforced; HSTS is on). Data at rest is encrypted by our database provider, and our off-site backups are additionally encrypted with AES-256-GCM under a key we hold separately.
Access control & authentication
Accounts use salted, hashed passwords (scrypt) with a strength policy. Sessions are revocable and automatically log out after a period of inactivity. Repeated failed sign-ins are rate-limited and temporarily locked to stop brute-force attacks. Access to your workspace data is scoped to your own organization.
Audit logging & monitoring
Sensitive actions — administrative changes, access to patient/client records, account deletion, authentication events — are recorded in an append-only audit log with timestamp, actor, and source IP. A daily automated job checks backup freshness, critical configuration, and usage anomalies.
Backups & disaster recovery
We take automated daily encrypted backups stored off-site, plus point-in-time recovery at the database layer. Restores are documented and tested.
Data retention & deletion
We keep data only as long as needed. Short-lived items (expired sessions, one-time links) are purged automatically. You can export your data at any time, and deleting your account permanently erases your workspace and its records. See our Privacy Policy.
Healthcare data (HIPAA)
For customers who handle Protected Health Information, we operate the HIPAA Security Rule technical safeguards described above and can enter into a Business Associate Agreement. You remain the covered entity responsible for lawful use of PHI.
Sub-processors
We use a small set of vetted infrastructure providers. The current list and what each handles are on our sub-processors page.
Reporting a vulnerability
Found a security issue? Please tell us via the Contact page. We investigate every report, do not pursue good-faith researchers, and will keep you updated.