Superconductor Docs

Security

Superconductor takes security seriously. Here are some of the measures we take to protect your data.

Infrastructure & encryption

  • Hosted on AWS with VPC isolation and DDoS protection via AWS Shield
  • TLS 1.2+ for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Passwords hashed with bcrypt
  • API keys stored with an additional encryption layer

AI agent security

  • Agents run in isolated containers on Runloop with resource limits
  • Your code is private and not used to train AI models
  • Network sandboxing controls which external domains agents can access, with three modes: no access, custom access, or full access
  • Users must review all AI-generated code before production use

Authentication & access control

  • OAuth integration with Google, Apple, and GitHub
  • Role-based access control (RBAC): Owner, Admin, Developer, and Viewer roles
  • Multi-factor authentication supported via OAuth providers (Google, Apple, GitHub)
  • Session management with secure tokens

Data privacy

  • Usage data is strictly anonymized and aggregated (excludes actual code)
  • Most user data deleted within 30 days of account closure
  • Code shared with AI providers only when agents are executed
  • No sale of personal information to third parties

Compliance

  • GDPR-aware practices and CCPA compliance
  • Working toward SOC 2 Type 2 certification
  • Not currently HIPAA or PCI DSS compliant
  • Not FedRAMP approved

Contact

For questions about our security practices, please contact us. We aim to respond to security inquiries within 48 hours.
