Security & Trust

Built for industries where data
privacy isn't optional.

Agent Harbor runs AI inference on our own private hardware. Client data never reaches OpenAI, Anthropic, or any shared cloud AI provider, and is never used to train models. This isn't a policy — it's the architecture.

On-Premise by Design
Zero Third-Party AI Providers
We Never Train on Your Data

Our three data commitments

Commitment 01

Your data, our private infrastructure.

Every AI agent deployed through Agent Harbor runs on our own private hardware. Client data — queries, conversations, outputs — is processed exclusively on our infrastructure and never transmitted to OpenAI, Anthropic, or any shared cloud AI service.

There is no cloud relay. No shared model endpoint. No third-party provider that receives your clients' data. The architecture contains no routing path to external AI systems — client data stays on our private infrastructure by design.

  • All AI inference on Agent Harbor's private hardware
  • No data routing through OpenAI, Anthropic, or any cloud AI
  • Data stays on Agent Harbor's private infrastructure in the United States — never transferred to third-party AI cloud providers
  • Client controls access, retention, and deletion policy

Commitment 02

Zero training. Zero retention. Zero exceptions.

We never use client data to train AI models. Not to improve our systems, not to improve agent performance across accounts, not for any purpose. Client data is operationally isolated.

When you or a competitor uses a cloud AI platform, your queries may inform the model that serves your competitors. That structural risk does not exist with Agent Harbor.

  • Client data never used for AI model training
  • No cross-account data aggregation or analysis
  • Zero telemetry on client data or agent interactions
  • Proprietary client intelligence stays proprietary

Commitment 03

Compliance-ready architecture.

Data that never reaches third-party AI providers is data that never creates third-party transfer agreements. Agent Harbor's on-premise model dramatically simplifies GDPR, CCPA, and sector-specific compliance requirements.

A Data Processing Agreement (DPA) is available for clients in regulated industries or enterprise procurement contexts. Contact us to request one — available on any plan tier.

  • GDPR-ready: data residency, processing control, deletion rights
  • CCPA-ready: no sale of personal information
  • DPA available upon request — any plan tier
  • Encryption in transit (TLS 1.3) and at rest (AES-256)

How we protect data in practice

Our commitments are built into how the product is architected and how our business operates — not bolted on afterward.

Encryption in Transit

All data transmitted between components uses TLS 1.3, the current industry standard for transport-layer encryption.

Encryption at Rest

Data stored within deployed agent environments uses AES-256 encryption at rest, following current cryptographic best practices.

Access Controls

Deployed environments are configured with role-based access controls. Agent Harbor support access to client environments is granted only on explicit client request.

Zero Telemetry

Agent Harbor does not collect telemetry, usage analytics, or any behavioral data from deployed agent environments. What happens on our private infrastructure stays there.

Data Processing Agreement

A Data Processing Agreement is available for all clients who require formal documentation of data handling practices for GDPR, CCPA, or enterprise procurement purposes.

Privacy by Design

Privacy isn't added to Agent Harbor as a feature — it's a property of the architecture. On-premise deployment makes data protection the structural default, not a configuration option.

Questions about our data practices?

We believe you should be able to ask any question about how your data is handled and get a direct, complete answer. If anything on this page is unclear, reach out — we'll explain exactly how it works.

Contact Us Read Privacy Policy