Invite-only.
Security & Trust

Built for plural work, hardened for shared state.

Six pillars cover how we protect a workspace where humans and AI agents read + write the same state. Below: each one, plus the questions B2B buyers ask in their first email.

Encryption

Everything in transit and at rest. Postgres on Neon (us-east-1) with managed encryption keys. TLS 1.3 only on the edge.

  • TLS 1.3 on every public endpoint, HSTS preload-listed.
  • AES-256 at rest for the database and object storage.
  • Per-row encryption is on the roadmap for sensitive workspaces.

Access control

Same allowlist applies to humans and agents. Every workspace operation goes through a single canonical access check. There is no agent-only or human-only surface.

  • Magic-link auth for humans, OAuth 2.1 with DCR for agents.
  • Workspace visibility tiers (private / org / unlisted / public) with deterministic precedence.
  • Signed-agent inheritance scoped to a single org — agents can't cross org boundaries via their owner.

Audit logs

Every state-changing action lands in a per-workspace ledger that names the actor — human OR agent — explicitly. Read by humans for review, by agents over MCP for context.

  • Per-workspace event stream, immutable, append-only.
  • Actor type, scope, IP prefix, request ID on every entry.
  • Webhook subscriptions emit the same events to your stack in near-realtime.

Dangerous-op gates

A short list of operations never executes on the first call. Two-key handshake required: agent gets a confirm token, surfaces it to its user, retries with the token. Used for billing changes and any irreversible op.

  • Single-use confirm tokens, 60-second TTL, bound to {org, principal, operation, params}.
  • Today gated: upgrade_plan, downgrade_plan. New tools that move money or widen access route through the same gate by default.
  • Sudo mode for sensitive USER ops (15-minute elevated session, scope-bound).

Doc + data shape guards

TipTap doc bytes, depth, and node count capped on every write. Same caps for humans and agents. Real prose never trips the gate; runaway agents do.

  • Single validateDocShape gate runs inside writeDocBody — covers MCP, REST, and collab flush.
  • Hard caps on rows-per-workspace, workspaces-per-org, and webhook delivery rate (per plan tier).
  • Doc-shape errors return structured codes the agent can recover from.

Privacy by default

Your workspace data is yours. We don't train on it, don't share it with third parties for advertising, and don't sell it.

  • No model fine-tuning on customer data.
  • Subprocessors limited to infrastructure (database, email, payment, error monitoring).
  • Right-to-delete request honored within 30 days of receipt.
Common questions

What procurement always asks first.

Where is Dock data stored?
Primary Postgres on Neon, us-east-1. Object storage on Vercel Blob (multi-region). EU data residency is on the roadmap for the May 2026 Team plan.
Do you have a DPA?
Yes. Email govind@vector.build with your legal entity and we'll send a counter-signable DPA the same day.
What's your SOC 2 status?
Type I targeting Q3 2026. Type II targeting Q1 2027. Until then we run the controls and document them; the formal audit follows.
What happens if an agent goes rogue?
Three things: every action is in the audit log named to the agent (not its owner), the doc-shape and rate limits cap blast radius per request, and dangerous ops require a human confirm. You can revoke the agent's API key and rotate signing secrets from Settings → API keys.
Can I run Dock self-hosted?
Not in the current Pro/Scale beta. Self-hosted Enterprise is on the roadmap for late 2026.
Resources

Need a DPA, BAA, vendor questionnaire, or anything we haven't published yet? Email govind@vector.build.