Security and trust

Enterprise AI needs governance before it scales.

Ozthra designs AI adoption and Ozthra AI Relay workflows around local trust boundaries, explicit approvals, redacted audit summaries, and compliance-ready operating patterns.

Local-first execution | Human approval gates | Redacted by default | Auditable runs

Compliance artifacts

SOC 2 Type II and ISO/IEC 27001 materials are available to qualified customers.

Ozthra provides security and compliance artifacts through a trust request process. Public pages intentionally avoid publishing private report packages or certificate files.

SOC 2 Type II | ISO/IEC 27001 | Trust access by request

Security posture

Controls built into the product and implementation model

Security is not a layer added at the end. These controls live at the runner boundary and in how Ozthra delivers every engagement.

Local-first execution

Ozthra AI Relay local mode works without cloud access and treats the local runner as the trust boundary.

Human approvals

External side effects such as commit, push, PR creation, and PR update actions require explicit approval.

Audit history

Runs persist terminal output, diffs, tests, approvals, checkpoints, retries, and policy outcomes locally.

Policy enforcement

Repository allow lists, risky command rejection, permission modes, and changed-file limits are enforced at the runner boundary.

Credential boundaries

Ozthra AI Relay does not collect AI subscription passwords and lets official agent CLIs handle authentication.

Redaction

Summary and team handoff payloads exclude raw prompts, raw logs, raw diffs, repository paths, and detected secret patterns.

Signed approvals

Approvals are cryptographically signed so every human gate is tamper-evident in the audit trail.

Policy-drift reporting

Ozthra AI Relay detects when an effective runner policy diverges from the declared baseline and reports the drift.

Compliance-evidence reports

Generate structured governance and audit-evidence exports for procurement and review—beyond raw per-run logs.

Org run analytics

The team dashboard reports cost in USD, throughput, success rate, and per-agent metrics across the organization.

Workspace access approval

Every self-serve workspace is email-verified and reviewed before activation, and signup is reCAPTCHA-protected—no anonymous tenants.

Hosted payment boundary

Checkout and card management happen on Stripe-hosted pages—card data never touches Ozthra systems, and billing webhooks are signature-verified.

Common questions

What security and procurement teams ask

Where does Ozthra AI Relay execute, and what is the trust boundary?

Ozthra AI Relay local mode runs on the developer machine or an approved runner and treats that runner as the trust boundary. It can operate without cloud access, so code and credentials stay on your infrastructure.

What requires human approval?

External side effects—commit, push, PR creation, and PR update actions—require explicit approval. A person stands between automation and anything leaving the machine.

Does Ozthra AI Relay collect AI subscription passwords?

No. Ozthra AI Relay does not collect AI subscription passwords; official agent CLIs handle authentication, and credential boundaries stay under your control.

What is excluded from exported summaries?

Summary and team handoff payloads exclude raw prompts, raw logs, raw diffs, repository paths, and detected secret patterns by default.

Trust requests

Need security documentation for procurement or review?

Contact Ozthra to request access to available SOC 2 Type II and ISO/IEC 27001 materials, security questionnaires, and product trust documentation.