TrigGuard
TRIGGUARD SECURITY
Request a demo

Security & privacy

How TrigGuard protects execution paths, keys, and customer data—plus where to find our full privacy policy and terms.

Privacy & data handling

TrigGuard is designed to evaluate action metadata for authorization—not to warehouse your full application payloads. Deployment options support metadata-only processing, regional residency, and zero-retention sidecar models where policy requires it. For lawful bases, subject rights, and international transfers, read our Privacy Policy; for platform rules, see Terms of Service and the Trust Center.

// TRUST GUARANTEES

What the system commits to under declared policy.

Single-outcome evaluation

Every policy evaluation produces one finite decision: PERMIT, DENY, or SILENCE.

Fail-closed execution

If authorization cannot be established, execution cannot proceed.

Cryptographic receipts

Decisions can be recorded as signed receipts and verified independently of TrigGuard uptime.

Replayable evaluation

Policy outcomes can be reproduced from the original signal frame and declared rules.

No hidden policy layers

TrigGuard does not recommend actions, coach operators, or modify your execution logic — it evaluates and binds outcomes.

[ Verify a receipt → ] · [ Security → ]

// SECURITY PROOF

Evidence, not interpretation

Immutable record

Every PERMIT, DENY, and SILENCE is recorded with cryptographic binding. Receipts are tamper-evident and verifiable without asking TrigGuard to vouch after the fact.

Minimal disclosure

Evaluation uses declared structure and policy-relevant fields—not ad-hoc data mining. You supply what the policy needs; TrigGuard enforces the contract, not a narrative about your payloads.

Request Specs

// RESPONSIBLE DISCLOSURE

Reporting Vulnerabilities

TrigGuard welcomes responsible disclosure of security vulnerabilities affecting the website, protocol interfaces, verification flows, or hosted infrastructure.

How to Report

Email: security@trigguardai.com

For abuse reports: abuse@trigguardai.com

When reporting, please include:

  • Affected URL or component
  • Reproduction steps
  • Expected vs actual behavior
  • Impact assessment if known

// SCOPE

What to Report

Reports related to:

  • POST /execute endpoint
  • /.well-known/trigguard-keys.json
  • Receipt verification
  • Site vulnerabilities (XSS, CSRF, etc.)
  • Hosted authorization runtime

// GOOD FAITH

Good-Faith Disclosure

TrigGuard will not pursue action against researchers who:

  • Act in good faith
  • Avoid privacy violations
  • Avoid service disruption
  • Give us reasonable time to investigate before public disclosure

// RESPONSE

Response Target

We aim to acknowledge reports within 5 business days.

// BUG BOUNTY

Bug Bounty

TrigGuard does not currently operate a public bug bounty program.

// CRYPTOGRAPHY

Protocol Cryptography

TrigGuard uses Ed25519 for all receipt signatures. Receipts can be verified offline against published public keys.

Component Standard
Signature Algorithm Ed25519
Key Discovery /.well-known/trigguard-keys.json
Receipt Format JSON with deterministic serialization

// SECURITY.TXT

security.txt

Our security contact information is published at the standard well-known location per RFC 9116:

/.well-known/security.txt
Contact: mailto:security@trigguardai.com
Contact: mailto:abuse@trigguardai.com
Expires: 2027-01-01T00:00:00.000Z
Preferred-Languages: en
Canonical: https://www.trigguardai.com/.well-known/security.txt
Policy: https://www.trigguardai.com/security