Built so your team can move fast — and your security review can say yes.
A SOC 2 PDF tells you an auditor checked a list once. We took a different approach in parallel: every artifact your agents create on Foundry — every PDF, audit, brief, exported report — gets a SHA-256 fingerprint anchored on the Bitcoin blockchain via OpenTimestamps within ~6 hours. So does a daily Merkle root over key business records (mission events, workspace invites used, org members joined, audit leads captured). Any third party can re-hash a record and verify the proof with the open-source ots CLI — no cooperation from us required.
Four security pillars, four real implementations.
Not "we take security seriously." Here's exactly what we do — and how you can verify it yourself.
How we compare to "most AI platforms".
The features below aren't roadmap items — they're shipped, in production, verifiable today.
Cryptographic proof. No vendor lock-in.
Every PDF, brief, and audit your agents produce gets its SHA-256 hash submitted to the OpenTimestamps public calendar network. Within 1-6 hours that hash is anchored into a Bitcoin block — permanent, immutable, verifiable by anyone with a copy of the file and the standard ots CLI.
What this kills: "Did SoulPrint silently edit our audit?" "Did someone tamper with our compliance report?" "Can we prove this brief existed on Mar 12?" Yes. Yes. And yes.
Vendor-lock-free: Anyone — your auditor, your customer, a journalist — can hit a public verify URL like /v/<file_id> and confirm the proof without ever logging into SoulPrint. Even if we disappeared tomorrow, your proofs would still be valid on Bitcoin forever.
Saved logins our own admins can't read.
When an agent logs into a third-party site on your behalf — your CRM, your social inbox, your supplier portal — the cookies and session state are encrypted with Fernet (AES-128-CBC + HMAC-SHA256) before they ever touch the database.
The decryption key (SOULPRINT_VAULT_KEY) lives in our backend env, separate from the database. Even a full DB dump would yield ciphertext only. Even our infra team can't read your saved logins.
Bonus: credentials persist across our redeploys (so your agent's existing logged-in session keeps working) — but only because the encrypted blob survives, never because we copy plaintext anywhere.
Your private Chief of Staff is actually private.
Inside every organization, each user gets a private Chief of Staff thread — a personal AI co-pilot for thinking out loud, drafting sensitive memos, working through people problems. These threads are visible only to:
- You — the person who started the thread
- Your org owner — for audit moderation only, never for browsing
- Other org members — never. Not even admins.
- Other organizations — never. Workspaces are hard isolation boundaries.
Closed teams extend the same boundary to team-level conversations: the Mind Map, activity feed, and document library all filter out content from teams a user isn't a member of.
Brute-force lockout, rate limits, and CSP — turned on, today.
Login is throttled per (IP × email): 8 failed password attempts in 15 minutes triggers a 15-minute lockout with a clear "try again in N minutes" message. Successful login wipes the counter.
Lead capture, account registration, and invite acceptance all sit behind sliding-window rate limits — so a bot trying to enumerate accounts or harvest invite codes hits a wall fast.
Every response carries HSTS preload, X-Frame-Options, X-Content-Type-Options, a strict CSP, and a Permissions-Policy that locks geolocation / mic / camera to first-party only and disables payment APIs entirely.
Encryption — boring but rigorous.
Three layers, three different keys, three different blast radiuses.
Honest about where we are. Not where we wish we were.
Ready to put your security team in the driver's seat?
Bring your toughest questions. We'll bring the architecture diagrams, the SIG, the encryption key flows, and answers — not marketing copy.