Source: https://crabglamp.com/docs/security
Last updated: 2026-06-09
Type: cross-cutting

## Data residency

Compute and data live in the region you pick at provisioning. US Agents run in Hetzner's Hillsboro, OR data center (location code `hil`); EU Agents and Plain VMs run in Helsinki (`hel1`). Region is fixed for the resource's lifetime and influences which Stripe price cell is used.

## Vulnerability disclosure

Email security reports to security@crabglamp.com. We acknowledge within one business day and target a fix or mitigation within ninety days for high-severity issues. Coordinated disclosure is the default — we will agree on a public disclosure date with the reporter.

## What is logged

Across surfaces:

- **Agent lifecycle events** — transfers and destroys are recorded as immutable audit events that persist after the Agent is gone. (Start/stop transitions are tracked separately on the usage timeline.)
- **Plain VM lifecycle events** — destroys are recorded the same way; Plain VMs have no transfer.
- **LLM proxy request logs** — per-request cost, model, and virtual key id, kept as daily usage aggregates. Raw request and response bodies are not stored.
- **Voice/TTS request logs** — same shape as LLM. Raw bodies are not stored.
- **OAuth token refresh events** — success or terminal error. Refresh tokens are never logged.
- **Container logs from Agents** — the platform-side code logs at INFO level; log output from customer code inside the container is not shipped off the Agent unless you opt in.

## What is stored at rest

- **PostgreSQL** — all business data, including OAuth access and refresh tokens encrypted at rest (AES-256-GCM), vault SSH public keys (stored as plaintext at v1 — public keys are not secrets), single-use OAuth state nonces, and billing data.
- **Upstash Redis** — proxy spend totals, per-key auth metadata cache.
- **Tigris S3** — published glamp tarballs and individual published files. S3 access is presigned per request.

## Encryption at rest

PostgreSQL volumes on the Vercel-side database are encrypted by the provider. Hetzner volumes are encrypted at the underlying storage layer. OAuth refresh tokens have a second encryption layer (AES-256-GCM) applied at write time by CrabGlamp so a database leak does not expose third-party credentials.
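The second layer described above, as an added example that is not CrabGlamp's own code: AES-256-GCM from Go's standard library, with a fresh random nonce stored beside each ciphertext and a hypothetical row identifier (`rowID`, e.g. `user:42/provider:github`) bound as additional authenticated data, so a leaked database row is useless without the application-held key and a ciphertext copied to another row fails to open. The key source, the row shape and the sample token are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// EncryptedToken is the database row: a fresh nonce plus ciphertext||GCM tag. No key.
type EncryptedToken struct{ Nonce, Ciphertext []byte }

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 { // aes.NewCipher would also accept 16/24 bytes; insist on AES-256
		return nil, fmt.Errorf("AES-256-GCM needs a 32-byte key, got %d", len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one refresh token at write time. rowID (hypothetical label, e.g.
// "user:42/provider:github") is bound as AAD, so a ciphertext copied into
// another row fails to open even with the correct key.
func Seal(key []byte, rowID, token string) (EncryptedToken, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return EncryptedToken{}, err
	}
	nonce := make([]byte, gcm.NonceSize()) // 96-bit, fresh per write, never reused
	if _, err := rand.Read(nonce); err != nil {
		return EncryptedToken{}, err
	}
	return EncryptedToken{nonce, gcm.Seal(nil, nonce, []byte(token), []byte(rowID))}, nil
}

// Open decrypts at read time; any change to nonce, ciphertext, tag or rowID fails.
func Open(key []byte, rowID string, row EncryptedToken) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	pt, err := gcm.Open(nil, row.Nonce, row.Ciphertext, []byte(rowID))
	return string(pt), err
}
```

The key is held by the application (a secret manager or environment in practice), never in the same database as the rows it protects.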

## Isolation boundaries per surface

Each product surface has its own [Isolation and logging](/docs/agents/explanation/isolation-and-logging) explanation page. The summary is: every Agent runs on its own dedicated Hetzner server with a per-Agent Cloudflare Tunnel; every Plain VM is its own Hetzner server with a per-VM Cloud Firewall; the LLM proxy is a shared Go service that holds pool credentials and routes per virtual key.
