Zero-retention by architecture, not by policy.
Most vendors promise to delete your data. We removed the place where it would have lived.
Every FuturOne run executes inside transient execution buffers: RAM-only working memory allocated when a request starts and zeroed when it ends. Task inputs, intermediate agent state, and deliverables exist only inside that lifecycle. There is no content database, no document store, and no conversation history on our side — which means there is no retention policy to audit, no deletion SLA to negotiate, and no stored corpus of your data to breach.
Operational telemetry takes a separate lane. The audit log records events — who ran what, when, and with what outcome — and never records content. You can watch this model end-to-end in the live demo: the stream you see returned is everything that ever exists, and it exists only while the run does.
Standard, current, and boring — exactly what encryption should be.
All endpoints — api.futurmix.one, the dashboard, and webhook delivery — require TLS 1.3 with modern cipher suites only. HSTS is enforced, and certificates rotate automatically. Plaintext connections are refused, not redirected, on the API.
Execution buffers are encrypted in memory with AES-256 under a per-request data key. Keys live only in memory, are never written to disk, and are discarded when the buffer is zeroed at request end. There is no at-rest story because there is no at-rest data.
Identity and permissions integrate with the systems your IT team already runs.
Single sign-on against Okta, Microsoft Entra ID, Google Workspace, or any standards-compliant IdP. SSO can be enforced workspace-wide so password logins are disabled entirely. Generally available since March 2026 on the Scale and Enterprise plans.
Users and groups sync from your IdP automatically. Offboarding in your directory deprovisions FuturOne access within minutes — including active API sessions tied to that identity. Available on the Enterprise plan.
Owner, admin, developer, and viewer roles per workspace. API keys (fo_live_…) are scoped to a workspace and can be restricted by agent domain, rotated on demand, and revoked instantly.
Every administrative action and every run-level event is logged — actor, action, timestamp, run ID, outcome. Logs are exportable from the dashboard and the API, and contain event metadata only, never content.
The current state, stated plainly.
Audit complete. The report is available under NDA — email nancy-sl@futurmix.one and we typically turn requests around within the week.
We are in the observation period now. The Type II report will be available under NDA on the same terms once the window closes and the audit is issued.
A DPA with Standard Contractual Clauses is available for signature for customers processing EU personal data. The zero-retention design substantially narrows the processing scope it has to cover. See the privacy policy for how personal data is handled.
Every third party that touches a request, and what it sees.
| Subprocessor | Function | Content handling |
|---|---|---|
| Cloudflare | Edge network and site hosting | TLS termination at the edge; no workload content stored |
| AWS | Transient compute for the agent runtime | RAM-only execution buffers; purged at request end |
| Anthropic | Model inference — Claude Opus 4.8, Claude Sonnet 4.6, Claude Haiku 4.5 | Zero-retention enterprise terms; no training on customer data |
| OpenAI | Model inference — GPT-5.1 | Zero-retention enterprise terms; no training on customer data |
| Google | Model inference — Gemini 3 Pro | Zero-retention enterprise terms; no training on customer data |
Agents route steps across frontier models. The data terms don't change with the route.
If you find something, we want to hear about it — directly and first.
Email nancy-sl@futurmix.one with the subject line "Security Disclosure". Include reproduction steps and the scope of what you accessed. Our commitments:
No. Our enterprise agreements with Anthropic, OpenAI, and Google prohibit training on customer content and prohibit retention beyond request processing. On our side there is nothing to train on: FuturOne does not store task inputs, repository contents, or deliverables after a run completes.
In transient execution buffers on AWS compute — RAM only, encrypted with AES-256 under a per-request data key. Buffers are zeroed when the request ends. Nothing is written to disk, so there is no at-rest datastore of customer content.
Email nancy-sl@futurmix.one. The SOC 2 Type I report is available under NDA, usually within the same week. The Type II report will be available on the same terms once the observation period concludes.
Yes. SSO (SAML 2.0 / OIDC) is available on the Scale and Enterprise plans and works with Okta, Microsoft Entra ID, Google Workspace, and any standards-compliant IdP. SCIM provisioning is available on the Enterprise plan and handles provisioning and deprovisioning automatically. Both have been generally available since March 2026.
Events only: actor, action, timestamp, run identifier, and outcome. Audit logs never contain prompts, file contents, or deliverables. They are exportable from the dashboard and via the API.
Most enterprise reviews close in about two weeks. Start the conversation, or check how the platform is running right now.