
Sire's Security Architecture: How We Protect Your Data

By Sire Team


Security by Design


At Sire, security isn't an afterthought — it's built into every layer of the platform. When you trust digital workers to operate on your behalf, you need confidence that your data is protected and every action is verifiable.


Tenant Isolation


Every Sire tenant operates in complete isolation:


  • Database-level row isolation with tenant ID enforcement on every query
  • API middleware validates tenant context on every request
  • No cross-tenant data leakage is architecturally possible
  • Separate encryption keys per tenant for sensitive data

Cryptographic Audit Trail


Every workflow execution produces a Merkle tree hash chain:


  • Each step's input and output are hashed as a leaf node
  • The root hash provides a tamper-evident summary of the entire execution
  • You can verify any step independently without accessing other data
  • Audit proofs can be exported for compliance review
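
The per-step verification described above, as an added example that is not Sire's code. It assumes SHA-256, canonical JSON leaves, RFC 6962-style 0x00/0x01 prefixes and promotion of an unpaired node, none of which the post specifies; the step records are constructed sample data.

```python
import hashlib
import json

# Assumed scheme (not Sire's): SHA-256 with RFC 6962-style domain separation,
# 0x00 for leaves and 0x01 for interior nodes, so a leaf can never be
# replayed as an interior node.
def _h(prefix, data):
    return hashlib.sha256(prefix + data).digest()

def leaf_hash(step):
    # Canonical JSON: the same step record always produces the same leaf.
    blob = json.dumps(step, sort_keys=True, separators=(",", ":")).encode()
    return _h(b"\x00", blob)

def _levels(leaves):
    if not leaves:
        raise ValueError("an execution needs at least one step")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [_h(b"\x01", cur[i] + cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # unpaired node is promoted unchanged
        levels.append(nxt)
    return levels

def merkle_root(leaves):
    return _levels(leaves)[-1][0]

def inclusion_proof(leaves, index):
    # Sibling hashes from leaf to root; "L"/"R" is the sibling's side.
    proof = []
    for level in _levels(leaves)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return proof

def verify_step(step, proof, root):
    # Needs only this step, its proof and the published root.
    node = leaf_hash(step)
    for side, sibling in proof:
        node = _h(b"\x01", sibling + node if side == "L" else node + sibling)
    return node == root

# Constructed sample execution: five steps with input and output.
STEPS = [{"step": i, "input": f"in-{i}", "output": f"out-{i}"} for i in range(5)]
LEAVES = [leaf_hash(s) for s in STEPS]
ROOT = merkle_root(LEAVES)
```

An exported proof contains only sibling hashes, so a reviewer checking one step learns nothing about the content of the other steps.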

API Security


  • CSRF protection on all state-changing endpoints
  • Request body size limits to prevent abuse
  • Security headers (HSTS, Content-Security-Policy, X-Frame-Options)
  • Rate limiting with configurable per-tenant limits
  • JWT-based authentication with short-lived access tokens and refresh rotation

Infrastructure Security


  • GKE Autopilot with automatic security patching
  • Cloud SQL with encryption at rest and in transit
  • Private VPC networking with no public database endpoints
  • Secrets managed via Google Secret Manager
  • Container images scanned for vulnerabilities in CI

Human-in-the-Loop Controls


Sire's guardrail system lets you configure approval requirements:


  • Confidence threshold below which a step requires human approval
  • Sensitive operation flags for steps that modify external systems
  • Automatic execution suspension when anomalies are detected
  • Notification alerts for all suspended executions

Compliance Readiness


We're building toward SOC 2 Type II certification:


  • Comprehensive audit logging of all admin actions
  • Data export and deletion for GDPR compliance
  • Retention policies with configurable data lifecycle
  • Evidence collection for security control documentation

Learn More


Visit the [Audit Trail](/admin/audit) page to verify execution integrity, or contact us for our security whitepaper.