Security

Built for teams that can't afford to ship blind.

ISO/IEC 27001 certified, GDPR compliant. Every agent action is versioned, checkpointed, traceable, and audit-logged. Safe for regulated workflows.

Compliance

Certifications and frameworks.

ISO/IEC 27001

Independently audited information-security management system covering people, process, and technology. Surveillance audits annually; recertification every three years.

GDPR compliant

Lawful-basis mapping, data-subject rights, processor obligations, and EU data-residency options for Scale and Enterprise tiers.

HIPAA-ready (Enterprise)

BAA available on Enterprise for healthcare-adjacent workflows. Strique is not a covered entity; customers using PHI are responsible for their own covered status.

Need the full audit reports, DPIA, or sub-processor list?

Request trust center access

Controls

The security practices under the hood.

Encryption at rest and in transit

AES-256 at rest, TLS 1.3 in transit. Customer secrets (API keys, OAuth refresh tokens) stored in a dedicated KMS-backed vault with per-Org envelope encryption.

Isolation by design

Every Org is a separate tenant with row-level security enforced at the database. Cross-Org data access is architecturally impossible, not just policy-gated.

Least-privilege access

Employees use SSO + hardware-key MFA. Production access is JIT-elevated and audit-logged. No shared credentials. No standing admin.

Versioning & audit log

Every generated asset, every tool call, every configuration change is versioned with who/what/when. Full action history exportable per Org.

Approval gates

Ad launches, bulk email sends, and public posts are gated behind explicit human sign-off unless the customer explicitly opts out per-flow.

Secrets management

Customer OAuth tokens are encrypted with keys rotated every 90 days. Provider-managed service keys are held in Strique's vault and never exposed to customer agents as literals.

Incident response

24/7 on-call. Severity-1 detection → customer notification within 24 hours. Annual tabletop exercises. Public status page at status.strique.io.

Vulnerability management

Automated dependency scanning + monthly penetration testing by an external vendor. Responsible disclosure program at security@strique.io.

Data retention & deletion

Customer data deleted within 30 days of Org offboarding. Exportable in machine-readable format before deletion. Audit logs retained for seven years.

What we commit to

Three promises we write down so we can’t weasel out of them.

We'll never train on your data.

Your chats, assets, files, and integrations are yours. We don't use them to train shared models. Period.

We'll never re-sell your data.

No data brokers. No "partner ecosystem" that syphons your customer list. Your Org context stays in your Org.

We'll tell you when something goes wrong.

Security incident affecting customer data → email within 24 hours, full write-up within 72. No spin.

Security team needs a deeper look?

We'll share audit reports, pentest summaries, DPIA, sub-processor list, and answer your questionnaire, same week.
