Bot Velocity logoBot Velocity

Trust Center

Security architecture and operational controls for enterprise AI automation.

Bot Velocity applies secure-by-design principles across every layer of the platform. Isolation, integrity, and governance are built into the execution model — not bolted on as external controls.

Separation of Control and Execution

  • The orchestrator owns lifecycle state and retry authority — runners only execute
  • Execution is isolated in leased subprocesses with strict timeout enforcement
  • No shared mutable state between control plane and execution plane

Tenant Isolation

  • Tenant and folder boundaries enforced at the orchestration layer
  • Cross-tenant access blocked by design — no data leakage between organizations
  • Folder-scoped access controls restrict execution and credential visibility

Package Integrity

  • Workflow packages stored as immutable, hash-validated artifacts
  • Package integrity verified at execution time before extraction
  • Archive path validation prevents directory traversal during extraction

Encrypted Credentials

  • All credentials encrypted at rest and scoped to tenant and folder boundaries
  • TLS encryption for all data in transit
  • No plaintext secrets in execution logs or trace data

Role-Based Access Control

  • RBAC enforcement aligned to organizational authorization boundaries
  • Robot-scoped permissions limiting automated workflow access
  • Granular folder-level access policies for teams and service accounts

Auditability

  • Every lifecycle state transition is recorded with timestamp and actor
  • Policy enforcement decisions generate audit records by default
  • Execution traces provide full observability across orchestration boundaries

Detailed audit artifacts and internal security diagnostics are shared under NDA upon request.

Security contact: security@botvelocity.com