Trust · Security

Security at CrossLayer

Last updated: May 25, 2026

This page describes the controls we have in place today and the ones we are actively building. We believe in honest, pre-launch transparency: we'll tell you what's done, what's in progress, and what's deferred.

Pre-launch status: CrossLayer is an early-access service. We do not yet hold a SOC 2 Type II report. We are designing the platform to the SOC 2 control framework so a future audit primarily validates existing practice. If you are an enterprise security team evaluating us, please email security@crosslayer.ai — we'll share architecture diagrams and answer questionnaires.

Architecture summary

Multi-tenant by design

Every record in the database carries a tenant_id foreign key. Application middleware sets a per-request tenant context that database queries must honor.

Encryption in transit

TLS 1.2+ enforced end-to-end. HSTS enabled. Secure cookies only.

Encryption at rest

Disk encryption on all storage. OAuth tokens additionally wrapped in NaCl sealed boxes (curve25519) before being written to the database.

Authentication

Sign-in is handled by WorkOS, a SOC 2 Type II identity provider. Supports Google, Microsoft, and enterprise SAML/OIDC. We never see or store passwords.

Tenant isolation

Cross-tenant data access is blocked at three layers: foreign-key constraint, application middleware, and a Python ContextVar guard that raises if a query is attempted with the wrong tenant.

OAuth integrations

Slack and GitHub tokens are stored encrypted, scoped to a single tenant, and revocable in one click from the in-app Settings page.

Data flow

You sign in via WorkOS. We receive your email and a verified identifier and create (or look up) your tenant.
You connect Slack and/or GitHub via standard OAuth 2.0. The provider sends us an access token; we encrypt and store it bound to your tenant_id.
Slack delivers events for channels you've invited the bot to via signed HTTPS webhooks. We verify the X-Slack-Signature HMAC on every request before processing.
For skill extraction we send the relevant message text to Anthropic's API. Anthropic does not train on API inputs (per their commercial terms) and retains inputs for at most 30 days for trust & safety review.
The extracted skill is written to the database, again scoped to your tenant_id, and an audit log row is created.

OAuth scopes — what we ask for and why

Slack

Scope	Why
`app_mentions:read`	So the bot can respond when you @mention it.
`channels:history`	Read messages in public channels where the bot has been invited — the input the skill extractor reads.
`chat:write`	Post back into the channel with confirmation cards and signal alerts.
`commands`	Slash-command surface for upcoming admin actions.
`users:read`	Resolve the user ID who sent a message into a display name in the audit log.

We do not request im:history or mpim:history: DMs between humans are never sent to us.

GitHub (when connected)

Scope	Why
`repo:read`	Read repository metadata and file contents you explicitly direct us to.
`metadata`	List repositories so you can pick which ones to connect.

Operational controls

Least-privilege access. Production access is limited to the founding team and gated by hardware security keys.
Audit logging. Every skill creation, governance change, OAuth connect/disconnect, and signal dispatch is recorded in an immutable audit log scoped to your tenant.
Secrets management. Application secrets and the encryption master key live in environment-variable storage at our infrastructure provider, not in source code.
Dependency hygiene. Automated dependency scanning on every commit; patch-level CVEs reviewed weekly.
Backups. Encrypted daily backups, 7-day rolling window, fully overwritten within 35 days.
Sub-second key revocation. Disconnecting an integration deletes the encrypted token from the database within the same request.

Vulnerability disclosure

If you believe you've found a security issue, please email security@crosslayer.ai with steps to reproduce. We will acknowledge within 2 business days and aim to remediate critical issues within 14 days. We will not pursue legal action against good-faith researchers who follow standard responsible-disclosure practices, give us a reasonable window to fix, and avoid accessing data that isn't theirs.

Subprocessors

A current list of our subprocessors is available at crosslayer.ai/subprocessors. We give 14 days' notice in-app and by email before adding a new subprocessor.

Roadmap (honest)

SOC 2 Type II audit — targeting Q4 2026 / Q1 2027
HIPAA BAA — not currently in scope; the Service is not designed for PHI
SCIM provisioning — planned alongside enterprise plan
Per-tenant data residency (EU region) — planned once initial demand is validated
Self-serve audit-log export — in progress

Contact

Security questions, questionnaires, vulnerability reports: security@crosslayer.ai.