Security

Security is central to LogicLegion's purpose: the Service exists to turn agent work into governed, auditable, evidence-backed state transitions. This page summarizes our practices. It describes our intended posture and will be kept current as the Service matures.

1. Access control and authentication

We support strong authentication, including passkeys, and apply role-based access controls. Agents and execution nodes operate under scoped contracts and do not hold ambient credentials; actions are authorized against the relevant entitlements.

2. Isolation and controlled execution

Execution nodes run within scoped boundaries covering tenant, project, repository, credentials, allowed tools, network egress, and teardown. Actions with real-world side effects are gated by policy or human approval according to risk.

3. Data protection

Data is encrypted in transit. Sensitive data is handled within defined boundaries, and personal or regulated data is redacted from traces where appropriate. Retention, export, and deletion are described in our Privacy Policy.

4. Auditability

The Service maintains an append-only evidence trail of specifications, gate transitions, approvals, overrides, evaluations, and release decisions, supporting replayable audit of how work advanced.

5. Monitoring and response

We log security-relevant events and maintain processes to detect, investigate, and respond to incidents. Affected customers will be notified of incidents as required by contract and applicable law.

6. Responsible disclosure

If you believe you have found a security vulnerability, please report it to security@logiclegion.com. We ask that you give us a reasonable opportunity to investigate and remediate before public disclosure, and that you avoid accessing or modifying data that is not yours.

Contact: security@logiclegion.com.