Security at Proxara

Security held to the standard our customers hold themselves to.

The enforcement layer handles the most sensitive traffic a firm has, so it is built like it, from the key ceremony to the signed record.

Last reviewed 2026-07-03 · documents at /legal

Architecture

Single tenant by construction.

Each customer gets a dedicated AWS account with an isolated VPC and customer-controlled keys. There is no shared Proxara backend.

  • 01

    A dedicated AWS account, per customer

    No shared multi-tenant surface ever holds customer data.

  • 02

    Inference inside the account

    Bedrock runs in the customer account. Inference stays in their AWS, and Bedrock stores no inputs or outputs.

  • 03

    One signed pipeline

    Redaction and the signed audit log are one path. Every intercepted event is signed and chained.

  • 04

    Customer-controlled keys and exit

    KMS keys live in the account. Full control transfers at termination.

AWS is the only subprocessor for the supervision plane. Region is customer-selected.

CUSTOMER VPC · DEDICATED AWS ACCOUNTENDPOINTSdesktopterminalIDE / codingagent hostAPI clientINTERCEPTDEVICE PROXYdevice-networkPROXARA CLASSIFICATIONapi · bedrock · audit logKMS keysRDS · audit logS3 · archivesDEST 01public AIDEST 02internal AIDEST 03API & agents↘ redacted onlysingle tenant · inference inside the account
Layers of defense

Five layers, one signed pipeline.

Every interaction moves through a chain of independent checks, each able to stop a bad outcome on its own. The chain runs in milliseconds. When a check cannot finish in time, the prompt goes through and the fail-safe is written to the record. Work is never blocked.

Intercept

One inspection point on the device.

The same agent runs on every managed device. AI traffic from browsers, desktop apps, and API clients passes one inspection point at the operating system’s network layer, so the audit record has one source. One layer to secure, one layer to audit.

Evidence

Signed, chained, anchored to the public internet.

Every interaction is one signed row. Batches are Merkle-rooted every five minutes and can anchor, at the firm’s election, to a public transparency log Proxara does not operate. Any single row verifies offline, with no Proxara service in the path.

ed25519 · sha-256sigstore rekor · 5 minproxara-audit-verify
Minimum data

We carry as little of the firm as possible.

Encrypted at rest

Each identity is individually encrypted and keyed.

Crypto-shredding

CCPA/CPRA · GDPR Art. 17

Erase one key to delete one identity.

Full isolation

Your own dedicated, isolated infrastructure.

Observesin the record
  • The prompt as submitted, and the redacted form sent to the model.
  • Detected entities, their class, and the action taken on each.
  • The model routed to, and the tool calls the agent made.
  • The operator, the surface, and the policy decision.
Never seesoutside the plane
  • Any traffic outside the device proxy.
  • Customer storage outside the audit chain. No S3 sweeps, no mailboxes.
  • Inference data once Bedrock returns. Bedrock stores no inputs or outputs.
  • Non-flagged interactions. Token mappings live in memory, 24-hour TTL.

Flagged content is held seven days at most for review, then purged. Proxara is a processing layer, not the system of record.

Controls & frameworks

The controls, and what they map to.

Each control carries a real parameter. Each framework is a status, not a badge.

33controls across these frameworks, auto-tagged per audit event. Full citations in the trust center.

Deployment

One product. Hosted your way.

One agent, one per-seat subscription, deployed to the fleet through your MDM. Run it in a dedicated account we manage, or in your own AWS account.

Proxara-managed

We run it for you

A dedicated, single-tenant AWS account we provision and operate on your behalf.

  • We open the dedicated AWS account if the firm has none.
  • VPC, RDS, KMS and audit storage from a hardened template.
  • Cloud cost passed through at no markup. Ownership transfers on request.

FootprintDedicated AWS account · customer KMS · multi-AZ VPC

Customer-managed

You run it in your account

The same product, deployed into your own AWS account from our templates.

  • Terraform templates stand up the dedicated stack in your account.
  • Proxara holds no standing access to your data.
  • You keep the keys, the data, and the audit store.

FootprintYour AWS account · your keys · no Proxara access

Diligence

Security and disclosure

Vendor questionnaires, audit requests, vulnerability reports, architecture deep-dives. Read by the founders and answered personally.

Product

General questions

Demos, pricing, deployment scoping, anything not covered above.