Data Architecture & Security
How ASCEND stores, protects, and isolates your data
Overview
ASCEND is a governance and enforcement platform for AI agents and MCP servers. This page describes what data ASCEND stores, where it resides, how it is encrypted, and who can access it.
ASCEND governs what AI agents do—database writes, API calls, financial transactions—not just what they say. Every action flows through risk assessment, policy enforcement, and cryptographic verification before execution. Everything is logged for regulatory compliance.
ASCEND never stores your proprietary data, trade secrets, or the content of your AI agent's outputs. ASCEND stores only governance metadata: what action was requested, the risk assessment, the approval decision, and the audit trail.
Data Classification
| Data Category | What's Stored | Classification | Retention |
|---|---|---|---|
| Organizational Data | |||
| Organization profile | Company name, slug, subscription tier, status | Internal | Account lifetime |
| User accounts | Email, role, permissions, organization association | Confidential | Account lifetime + 90 days |
| API credentials | Organization-scoped API keys, 32-char prefix, encrypted at rest | Restricted | Until rotation |
| Agent Governance Data | |||
| Agent registry | Agent IDs, display names, risk thresholds, operational mode | Internal | Account lifetime |
| Action records | Every submitted action: type, tool, risk score, status, justification, context | Confidential | Per tier (30 days–7 years) |
| Approval decisions | Approver identity, timestamp, workflow stage, signed tokens | Confidential | Per tier (30 days–7 years) |
| Policy rules | Smart rules configuration, workflow templates | Internal | Account lifetime |
| Audit & Compliance Data | |||
| Audit logs | Immutable record of all events: actions, approvals, denials, kill-switch, config changes | Confidential | Per tier (30 days–7 years) |
| Compliance mappings | NIST SP 800-53 control references, MITRE ATT&CK tactic/technique per action | Internal | With parent record |
| BYOK key metadata | Customer KMS key ARNs, health status, rotation history—never key material | Restricted | Account lifetime |
Storage Infrastructure
| Component | Purpose | Encryption | Availability |
|---|---|---|---|
| PostgreSQL RDS | All application data (organizations, users, agents, actions, workflows, audit logs) | AES-256 at rest, TLS 1.3 in transit, BYOK envelope encryption available | Multi-AZ with automated failover |
| AWS Cognito | User authentication, password management, session tokens, MFA | AWS-managed encryption, no passwords in application database | Regional redundancy (AWS-managed) |
| AWS Secrets Manager | Platform credentials, database connection strings, API signing keys | AES-256 with automatic rotation | Regional redundancy, least-privilege IAM |
| AWS SNS / SQS | Kill-switch messaging, agent control commands, notification dispatch | Server-side encryption, per-organization queue isolation | Regional redundancy, sub-second latency |
| AWS SES | Outbound email for critical alerts, daily digests | TLS in transit | Regional (us-east-2) |
| ECS Fargate | Stateless compute—no persistent data stored on containers | N/A (stateless) | Auto-scaling, multi-AZ task placement |
All infrastructure runs in AWS us-east-2 (Ohio). Total messaging infrastructure costs approximately $5/month using AWS-native services.
Tenant Isolation (4-Layer Architecture)
ASCEND enforces tenant isolation at four independent layers (SEC-TENANT-001). Each layer operates independently—a failure at any single layer cannot expose cross-tenant data.
┌──────────────────────────────────────────────────────────────────────────┐
│ TENANT ISOLATION LAYERS │
├──────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌──────────────────────────────────────────────────────────────────┐ │
│ │ Layer 1: Frontend Routing │ │
│ │ Organization-scoped URL paths (/org/{slug}/) │ │
│ └──────────────────────────────────────────────────────────────────┘ │
│ │
│ ┌──────────────────────────────────────────────────────────────────┐ │
│ │ Layer 2: Backend Middleware │ │
│ │ Every API request validated against authenticated organization_id │ │
│ └──────────────────────────────────────────────────────────────────┘ │
│ │
│ ┌──────────────────────────────────────────────────────────────────┐ │
│ │ Layer 3: Application Logic │ │
│ │ All queries include organization_id; API keys are org-scoped │ │
│ └──────────────────────────────────────────────────────────────────┘ │
│ │
│ ┌──────────────────────────────────────────────────────────────────┐ │
│ │ Layer 4: Database RLS │ │
│ │ PostgreSQL Row-Level Security enforces boundaries at engine level │ │
│ └──────────────────────────────────────────────────────────────────┘ │
│ │
└──────────────────────────────────────────────────────────────────────────┘
| Layer | Component | Mechanism | Failure Mode |
|---|---|---|---|
| 1 | Frontend Routing | Organization-scoped URL paths (/org/{slug}/) | Incorrect slug → 404, no data leakage |
| 2 | Backend Middleware | Every API request validated against authenticated user's organization_id | Mismatch → 403 Forbidden |
| 3 | Application Logic | All queries include organization_id; API keys are org-scoped | Missing filter → empty result set |
| 4 | Database RLS | PostgreSQL Row-Level Security enforces boundaries at engine level | RLS policy denies → zero rows returned |
Even if application code contains a bug that omits a tenant filter, the RLS policy at the database layer prevents cross-tenant data access. All 393 protected endpoints are validated against this model.
Access Control
Authentication Methods
| Method | Used By | Mechanism | Security Controls |
|---|---|---|---|
| Cognito JWT | Human users (dashboard) | OAuth 2.0 / OIDC with tenant-specific user pools | MFA, forced password change, HttpOnly cookies |
| API Key | Agent SDKs, gateways | 32-char prefix + encrypted secret, org-scoped | RLS enforcement, rotation support |
Roles
| Role | Permissions | Scope |
|---|---|---|
| Super Admin | Full access: agents, users, policies, approvals, BYOK, settings | Own organization only |
| Admin | Manage agents, approve actions, configure policies, view audit logs | Own organization only |
| Approver | Review and approve/deny pending actions in assigned workflows | Assigned workflows only |
| Viewer | Read-only: dashboards, audit logs, agent status | Own organization only |
Platform Administration
Platform-admin access is restricted to OW-KAI operational personnel with credentials stored in AWS Secrets Manager under least-privilege IAM policies with mandatory rotation. BYOK customers retain independent encryption key control—even platform-level access cannot decrypt BYOK-protected data without the customer's CMK.
Encryption Architecture
At Rest
| Component | Method | Key Management |
|---|---|---|
| PostgreSQL RDS | AES-256 via AWS RDS encryption | AWS KMS or customer CMK (BYOK) |
| Secrets Manager | AES-256 with auto-rotation | AWS KMS default |
| SNS / SQS | Server-side encryption (SSE) | AWS-managed |
| API Keys | Encrypted storage, 32-char prefix for lookup without decryption | Application-level |
In Transit
All external communications use TLS 1.3 minimum via Application Load Balancer with AWS Certificate Manager. Internal service-to-service communication within VPC uses encrypted channels.
BYOK (Bring Your Own Key)
Enterprise customers supply their own AWS KMS CMK for envelope encryption. ASCEND encrypts data encryption keys (DEKs) with the customer's CMK. Customers retain full control—revoking the CMK immediately renders data unreadable.
| Capability | Details |
|---|---|
| Key Registration | POST /api/v1/byok/keys — register CMK ARN |
| Health Monitoring | Automated 15-minute checks with proactive notifications |
| Manual Rotation | POST /api/v1/byok/keys/rotate — trigger re-encryption |
| Auto-Rotation Detection | Detects CMK version changes, auto-re-wraps DEKs |
| Key Revocation | Customer disables CMK → data immediately unreadable |
BYOK is designed to fail-secure. If ASCEND cannot reach the customer's CMK, all encryption and decryption operations fail rather than falling back to platform-managed keys. See BYOK Encryption for full setup and troubleshooting.
End-to-End Data Flow
Every agent action follows this 10-step path from submission to audit trail:
┌─────────────┐ ┌───────────────┐ ┌──────────────┐
│ 1. Agent │────▶│ 2. TLS 1.3 │────▶│ 3. Auth │
│ SDK │ │ Transport │ │ Layer │
└─────────────┘ └───────────────┘ └──────┬───────┘
│
┌───────────────┐ ┌───────▼──────┐
│ 5. Policy │◀────│ 4. Risk │
│ Engine │ │ Engine │
└───────┬───────┘ └──────────────┘
│
┌────────────▼────────────┐
│ 6. Action Record │
│ (written to database) │
└────────────┬────────────┘
│
┌─────────────────┼─────────────────┐
│ │ │
┌──────▼──────┐ ┌──────▼──────┐ ┌──────▼──────┐
│ 7. Notify │ │ 8. Approval │ │ 9. Execution│
│ (Slack, │ │ (Human-in- │ │ (Signed │
│ Webhook) │ │ the-Loop) │ │ token) │
└─────────────┘ └─────────────┘ └──────┬──────┘
│
┌──────▼──────┐
│ 10. Audit │
│ Trail │
└─────────────┘
| Step | Component | What Happens |
|---|---|---|
| 1 | Agent SDK | Agent invokes SDK before sensitive action |
| 2 | TLS Transport | HTTPS/TLS 1.3 to pilot.owkai.app |
| 3 | Auth Layer | API key validated, RLS session variable set |
| 4 | Risk Engine | CVSS v3.1 + NIST 800-30 + MITRE ATT&CK scoring (0–100) |
| 5 | Policy Engine | Smart rules evaluated, routing determined |
| 6 | Action Record | Full record written to agent_actions table |
| 7 | Notification | Dashboard, Slack, webhook dispatched per config |
| 8 | Approval | Human reviews in Authorization Center |
| 9 | Execution | Signed token generated, agent proceeds or blocks |
| 10 | Audit Trail | Immutable record of complete lifecycle |
Kill-Switch Architecture
The kill-switch provides immediate, organization-wide agent shutdown capability:
| Attribute | Specification |
|---|---|
| Latency | < 1 second (100–500ms typical) |
| Path | Dashboard → SNS → SQS (per-org) → SDK → Agent STOPS |
| Notifications | Simultaneous: Dashboard, Slack, Webhook, Email, SMS |
| Fail Mode | Fail-closed: unreachable ASCEND = blocked actions |
┌──────────┐ ┌──────────┐ ┌──────────────┐ ┌──────────┐
│ Dashboard │────▶│ SNS │────▶│ SQS (per-org)│────▶│ SDK Poll │
│ (Admin) │ │ Topic │ │ Queue │ │ → STOP │
└──────────┘ └──────────┘ └──────────────┘ └──────────┘
│
┌────────────┼────────────┐
▼ ▼ ▼
┌─────────┐ ┌─────────┐ ┌─────────┐
│ Slack │ │ Webhook │ │ Email │
└─────────┘ └─────────┘ └─────────┘
If an agent SDK cannot reach ASCEND, all governed actions are blocked by default. This prevents agents from operating outside governance during network interruptions or outages.
Compliance Alignment
| Framework | Capabilities | Key Controls |
|---|---|---|
| SOC 2 Type II | Audit trails, RBAC, encryption, change management | CC6.1, CC6.3, CC7.2, CC8.1 |
| PCI-DSS | Data protection, access logging, key management | Req 3, 7, 8, 10 |
| HIPAA | PHI access controls, audit logging, BYOK | §164.312(a)(b)(c)(e) |
| FedRAMP | AWS GovCloud compatible, NIST 800-53 mappings | AC, AU, IA, SC families |
| NIST AI RMF | AI risk assessment, governance, HITL enforcement | Govern, Map, Measure, Manage |
For detailed compliance control mappings, see Compliance.
Data Retention by Tier
| Data Type | Developer | Business | Enterprise |
|---|---|---|---|
| Audit Logs | 30 days | 1 year | 7 years |
| Action Records | 30 days | 1 year | 7 years |
| Agent Registry | Account lifetime | Account lifetime | Account lifetime |
| BYOK Key Metadata | N/A | Available | Available |
Security Validation
472 automated tests at 100% pass rate across 12 security layers. Every deployment runs the full security test suite before reaching production.
| Security Layer | Tests | Status |
|---|---|---|
| Rate Limiting | 28 | Verified |
| Prompt Security | 62 | Verified |
| Code Analysis | 54 | Verified |
| Action Governance | 48 | Verified |
| JWT Authentication | 41 | Verified |
| API Key Validation | 37 | Verified |
| RBAC Authorization | 56 | Verified |
| BYOK Encryption | 44 | Verified |
| Audit Logging | 38 | Verified |
| Input Validation | 32 | Verified |
| Secrets Management | 18 | Verified |
| Security Headers | 14 | Verified |
| Total | 472 | All Verified |
Next Steps
- Security Architecture Overview - 12-layer defense-in-depth model
- Data Encryption - Encryption implementation details
- BYOK Encryption - Bring Your Own Key setup and management
- Authentication - JWT, API key, and Cognito authentication
- Authorization - RBAC roles and permissions
- Compliance - Framework-specific control mappings