Hyponema

Security for voice agents with real customer data.

Database-level tenant isolation, encrypted provider keys, signed webhooks, audit trails, and runtime guardrails for agents that talk to customers on phone and web.

  • TLS in transit
  • AES-256-GCM envelope
  • Postgres RLS
  • HMAC-signed webhooks

Principles

Trust controls that map to the product.

The security model follows the surfaces your team actually touches: workspaces, provider keys, conversations, memory, tools, and webhooks.

01

Isolation belongs in the database.

Tenant-scoped tables enforce workspace boundaries with Postgres row-level security. Application code still checks access, but the database is the final gate.

02

Provider keys are treated as secrets.

Customer-supplied provider credentials are encrypted with per-credential data keys and only decrypted when a conversation needs them.

03

Change history stays reviewable.

Assistant turns emit trace trees. Agent, tool, credential, and session changes keep actor and timestamp metadata where the platform mutates state.

04

Runtime controls sit in the agent path.

Prompt-injection scrubbing, sensitive-memory rules, escalation rules, and topic cooldowns run inside the product flow instead of living only in internal policy.

Defense in depth

Five layers before a request touches customer data.

Identity, isolation, encryption, signatures, and observability work together so a voice-agent workflow can be reviewed, constrained, and traced.

  • 01

    Identity & access

    Passwordless sign-in, short-lived sessions, scoped API keys, and workspace membership controls.

    • Magic-link sign-in removes password storage and password reuse from dashboard accounts.
    • Short-lived JWT access tokens are paired with opaque, single-use refresh tokens that rotate on each use and revoke their entire token family on theft.
    • Refresh cookie scoped to /auth/refresh only — never rides regular API requests.
    • Rate limits on auth surfaces. Workspace-scoped API keys for server-to-server.
    • SAML 2.0 SSO and OIDC administration on the roadmap.
  • 02

    Tenant isolation

    Workspace boundaries are enforced by the database, not only by request handlers.

    • Postgres row-level security on every tenant-scoped table. Policies bind to a per-request app.current_tenant GUC set at request entry.
    • Cross-workspace reads fail when the database policy refuses to return rows for the active tenant.
    • A per-(tenant, user) write lock serializes mutations, preventing concurrent writes from corrupting memory state.
  • 03

    Encryption

    TLS in motion. AES-256-GCM envelope encryption for provider credentials.

    • TLS for all public endpoints. Database disk encryption at rest.
    • Bring-your-own provider credentials are encrypted with AES-256-GCM. Each credential gets a fresh data-encryption key (DEK).
    • Data-encryption keys are wrapped by a KMS-backed key-encryption key in managed environments.
    • Saved provider credentials are not shown back in plaintext through normal product surfaces; runtime use is scoped to the owning workspace.
  • 04

    Webhooks & integrations

    External events are signed, verified, replay-limited, and deduplicated.

    • Outbound webhooks are signed with HMAC-SHA256 and a timestamp so receivers can enforce a replay window (5 minutes recommended).
    • At-most-once queueing per tenant and event keeps retries from creating duplicate delivery records.
    • Inbound telephony signatures are verified before business logic runs: Ed25519 for Telnyx, HMAC-SHA1 for Twilio. Failures return 401 before the orchestrator sees the payload.
    • Webhook endpoints auto-disable after 10 consecutive failures so a misconfigured listener never silently drops events.
  • 05

    Observability & audit

    Every turn is traceable. Sensitive payloads are truncated. Administrative changes are auditable.

    • Every chat and voice turn emits a tenant-scoped span tree across task, LLM, tool, guard, and score work.
    • Span payloads truncated at 16 KB to prevent inadvertent leakage of long inputs into observability storage.
    • Audit log captures token rotations, session revocations, and agent, credential, and tool changes.
    • Span retention is configurable by workspace policy for higher-volume deployments.
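The single-use refresh-token rotation with family revocation described under Identity & access can be sketched as follows. This is an added example, not Hyponema's code: the in-memory `RefreshTokenStore` class is hypothetical, and treating the replay of an already-used token as the theft signal is an assumption, since the page does not say how theft is detected.

```python
import hashlib
import secrets


class RefreshTokenStore:
    """In-memory stand-in for a token table (hypothetical, for illustration)."""

    def __init__(self):
        self._tokens = {}      # sha256(token) -> {"family": str, "used": bool}
        self._revoked = set()  # family ids revoked after suspected theft

    @staticmethod
    def _digest(token):
        # Store only a hash so a database leak does not expose usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def _mint(self, family):
        token = secrets.token_urlsafe(32)  # opaque: carries no claims
        self._tokens[self._digest(token)] = {"family": family, "used": False}
        return token

    def issue(self):
        """Start a new family at sign-in and return its first refresh token."""
        return self._mint(secrets.token_hex(8))

    def rotate(self, presented):
        """Exchange a refresh token for its successor, or return None."""
        row = self._tokens.get(self._digest(presented))
        if row is None or row["family"] in self._revoked:
            return None
        if row["used"]:
            # Assumption: a replayed single-use token means it was copied,
            # so every token descended from the same sign-in is revoked.
            self._revoked.add(row["family"])
            return None
        row["used"] = True
        return self._mint(row["family"])


def demo():
    store = RefreshTokenStore()
    t1 = store.issue()
    t2 = store.rotate(t1)      # legitimate client rotates t1 -> t2
    replay = store.rotate(t1)  # a copy of t1 is presented again
    after = store.rotate(t2)   # the family is revoked, so t2 is dead too
    return t2 is not None, replay, after
```
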

Agent safety

Guardrails in the path of the conversation.

Voice agents need controls that run where risk appears — on every assistant emission and every retrieval, not in a policy doc.

BLOCK · REDIRECT · ESCALATE

Runtime policies run on assistant output.

Per-agent keyword and regex filters inspect what the agent says before it goes out. Policies can block the turn, redirect to a canned reply, or escalate to a human.

KNOWLEDGE BASE

Knowledge is scrubbed before retrieval.

PDFs, web pages, and uploaded text pass through prompt-injection scrubbing before chunks reach the retrieval layer, so adversarial documents lose their teeth on ingest.

Data control

Export, delete, and retain data deliberately.

The plumbing for user access requests, deletion, and retention is part of the platform — not gated to enterprise contracts.

01

Per-user export, for every workspace.

A signed JSON bundle of memories, conversations, turns, open threads, and audit history. No pricing gate.

02

Right to be forgotten, with proof.

The forget workflow purges memory records and writes an audit row confirming the deletion path ran.

03

Your data never trains a foundation model.

Hyponema does not train foundation models on tenant data. External model providers run under the terms attached to the keys you bring.

04

Retention is deliberate, not opaque.

Recordings, transcripts, and observability spans each have their own retention windows, configured by workspace policy.

Compliance posture

Clear status on the standards buyers ask about.

No vague badge wall. The table separates what is available today from what is planned, and links to the legal artifacts already published.

  • GDPR DPA: Available for every workspace, with EU and UK processing terms covered in writing. Read the DPA. Status: available
  • CCPA: User access and deletion workflows are supported through export and forget controls. Status: available
  • Subprocessor list: Public and versioned, with notification commitments when vendors change. View subprocessors. Status: available
  • DSAR export + forget: Per-user JSON exports and deletion workflows with audit records. Status: available
  • SAML 2.0 SSO: Planned for Enterprise workspaces with per-workspace IdP entity ID, SSO URL, and X.509 certificate. Status: planned
  • SOC 2 Type II: Planned. We can share the current control posture and security materials on request. Status: planned
  • HIPAA BAA: Planned for healthcare deployments that require a signed BAA. Status: planned

Shared responsibility

We secure the platform. You control the workflow.

Hyponema owns the infrastructure controls. Your team owns how agents are configured, who can access the workspace, which provider keys are connected, and how your end users are notified.

Hyponema owns

  • Encryption in motion and credential encryption at rest
  • Workspace isolation enforced by Postgres row-level security
  • Audit logging for platform-side changes and observability span persistence
  • HMAC-signed outbound webhooks and signature-verified inbound telephony
  • Runtime safety filters for knowledge ingestion, escalation, and sensitive memory

You own

  • Provider key scope, rotation cadence, and revocation after an incident
  • Agent configuration, including escalation rules and disclosure behavior
  • Webhook receiver controls: signature checks, replay protection, and secret storage
  • Workspace access management: who joins, which role they hold, and when to revoke
  • End-user consent, acceptable use, and disclosures required for your workflow
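
The receiver-side controls listed under "You own" (signature checks, replay protection) and the HMAC-SHA256 timestamped signatures described under Webhooks & integrations fit together as in this added example, which is not Hyponema's code. The signing string (`<timestamp>.<raw body>`), the hex encoding, the `id` field in the payload, and the sample event are assumptions constructed for illustration; use the format in the product's webhook documentation.

```python
import hashlib
import hmac
import json
import time

REPLAY_WINDOW_SECONDS = 300  # the 5-minute window the page recommends


def sign(secret, timestamp, body):
    # Assumed signing string: "<timestamp>.<raw body>", hex-encoded digest.
    msg = timestamp.encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_webhook(secret, timestamp, signature, body, seen_ids, now=None):
    """Return (accepted, reason). Works on the raw bytes as received."""
    now = time.time() if now is None else now
    try:
        sent_at = int(timestamp)
    except (TypeError, ValueError):
        return False, "bad timestamp"
    expected = sign(secret, timestamp, body)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), (signature or "").encode()):
        return False, "bad signature"
    # Age is checked after the signature, so the timestamp is authenticated.
    if abs(now - sent_at) > REPLAY_WINDOW_SECONDS:
        return False, "outside replay window"
    event_id = json.loads(body)["id"]  # parsed only after authentication
    if event_id in seen_ids:
        return False, "duplicate"
    seen_ids.add(event_id)
    return True, "ok"


def demo():
    secret = b"constructed-demo-secret"
    body = b'{"id": "evt_demo_1", "type": "conversation.ended"}'  # constructed
    now = 1_700_000_000
    ts = str(now - 10)
    sig = sign(secret, ts, body)
    seen = set()
    return [
        verify_webhook(secret, ts, sig, body, seen, now)[1],         # first delivery
        verify_webhook(secret, ts, sig, body, seen, now)[1],         # retried delivery
        verify_webhook(secret, ts, sig, body + b" ", seen, now)[1],  # altered body
        verify_webhook(secret, ts, sig, body, set(), now + 600)[1],  # stale delivery
    ]
```

In production the seen-ID set would live in shared storage with entries expiring after the replay window, and the secret would come from a secret manager rather than source code.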