What the SDK does with data
The SDK does not phone home by default.
fuze-ai wraps your agent at the point it runs and writes structured records — prompts, tool calls, tool returns, guard decisions — to an append-only event store. The destination is whatever you configure: a local JSONL file, an object store you control, a self-hosted Postgres, or the managed Fuze Control backbone. There is no background telemetry, no usage beacon, and no model-vendor relay.
Raw arguments are excluded from the trace by default. The SDK config carries log_pii = false as the out-of-the-box setting; tool arguments are recorded as a hash, not as plaintext. Opting in (log_pii = true) is an explicit, per-agent choice, and the SDK README is clear that hashing arguments is not a substitute for GDPR data minimisation — that obligation stays with the deployer.
Retention is configurable on the store. Append-only is enforced at the SDK's write path, so the emitter never rewrites an existing record in place. That guards against overwrites by the SDK itself; an edit made directly to the underlying store is a different threat, and is what the hash chain in the next section exists to detect.
Signing and tamper detection
Ed25519 signers, HMAC-SHA256 hash chain.
Signing lives in @fuze-ai/agent-signing. The package ships two signer adapters today — a local file-backed signer and an environment-variable signer — both intended for development and self-hosted deployments. A KMS-backed signer (@fuze-ai/agent-signing-kms) is on the roadmap and arrives with Phase 4.
Tamper detection on the trace itself is currently asymmetric across the two SDKs. The Python build emits an HMAC-SHA256 hash chain over the event log, in which each record's MAC covers the previous record's MAC as well as its own contents, so a single mutated record breaks the chain and is detectable on replay. Because the chain is keyed, that guarantee holds only against a party who does not hold the HMAC key: a store that also holds the key can be silently re-chained, so keep the key outside the store's trust domain. TypeScript hash chain parity is on the published roadmap; we do not claim it as shipping today.
When the Article 14 oversight path is taken (ctx.requestOversight()), the reviewer signs the human decision and that signature is bound back into the run record. A modify decision creates a chain fork that points at the human's substituted arguments rather than the model's, so an audit can always distinguish the two.
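As an added example (this is not fuze-ai code, and the record fields, the fork convention and the key handling are assumptions of mine, not the SDK's wire format), the following Python shows a keyed hash chain of the kind described above: the replay check that catches a mutated, dropped or reordered record, a keyed argument digest standing in for the log_pii = false default, and a modify decision recorded as a fork whose lineage carries the reviewer's substituted arguments rather than the model's.

```python
"""Illustrative HMAC-SHA256 hash chain over an agent event log.

Added example, not fuze-ai's own record format: field names, the chain
rules and the fork convention are assumptions chosen to show (1) how a keyed
chain detects a mutated or dropped record on replay and (2) how a human
"modify" decision can be recorded as a fork whose lineage carries the human's
substituted arguments rather than the model's.
"""
from __future__ import annotations

import hashlib
import hmac
import json

GENESIS = "0" * 64  # prev pointer of the first record


def canonical(obj) -> bytes:
    # Canonical JSON so equal records always MAC to equal bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def args_digest(key: bytes, args: dict) -> str:
    # Analogue of log_pii=false: record a digest of tool arguments, not plaintext.
    # Keyed rather than a bare SHA-256 so low-entropy arguments cannot be
    # recovered by guessing. This is still not data minimisation.
    return hmac.new(key, canonical(args), hashlib.sha256).hexdigest()


def append(key: bytes, log: list, event: dict, prev: str | None = None) -> dict:
    """Append event to log. prev defaults to the last record's MAC; passing an
    earlier record's MAC instead creates a fork at that point."""
    if prev is None:
        prev = log[-1]["mac"] if log else GENESIS
    body = {"seq": len(log), "prev": prev, **event}
    mac = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    record = {**body, "mac": mac}
    log.append(record)
    return record


def verify(key: bytes, log: list) -> tuple[bool, str | None]:
    """Replay the log: every record must MAC correctly under key, sit at its
    recorded position, and point at GENESIS or an earlier record."""
    seen = {GENESIS}
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "mac"}
        expect = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if rec.get("seq") != i or not hmac.compare_digest(expect, rec["mac"]):
            return False, f"record {i}: MAC mismatch (mutated or re-sequenced)"
        if rec["prev"] not in seen:
            return False, f"record {i}: prev not found (dropped or reordered record)"
        seen.add(rec["mac"])
    return True, None


def lineage(log: list, record: dict) -> list:
    """Walk prev pointers back to GENESIS; returns the event kinds on the path,
    newest first. Shows which arguments an executed call descends from."""
    by_mac = {r["mac"]: r for r in log}
    path, cur = [], record
    while cur is not None:
        path.append(cur["kind"])
        cur = by_mac.get(cur["prev"])
    return path


def demo_run(key: bytes) -> dict:
    """Constructed run: the model proposes a transfer, the reviewer modifies it."""
    log: list = []
    append(key, log, {"kind": "prompt", "digest": args_digest(key, {"text": "pay invoice 42"})})
    proposed = append(key, log, {"kind": "tool.proposed", "tool": "transfer",
                                 "args": args_digest(key, {"to": "ACME", "amount": 9000})})
    # The reviewer substitutes the amount. The decision forks at the proposal's
    # parent, so the proposal stays in the log as a dead branch and the executed
    # call descends from the human's arguments. (Binding the reviewer's Ed25519
    # signature into this record is left out; only the chain is shown here.)
    decision = append(key, log, {"kind": "oversight.modify", "supersedes": proposed["mac"],
                                 "args": args_digest(key, {"to": "ACME", "amount": 900})},
                      prev=proposed["prev"])
    executed = append(key, log, {"kind": "tool.call", "tool": "transfer",
                                 "args": decision["args"]})
    return {"log": log, "proposed": proposed, "executed": executed}


if __name__ == "__main__":
    k = b"demo-chain-key"  # constructed key; in practice keep it away from the store
    run = demo_run(k)
    print("clean log:", verify(k, run["log"]))
    print("executed call lineage:", lineage(run["log"], run["executed"]))
    run["log"][1]["args"] = "deadbeef"  # edit the model's proposal in place
    print("after mutation:", verify(k, run["log"]))
```

The replay check needs the same key the writer used, so whoever holds both the key and write access to the store can re-chain it without detection; the design only works if the key lives with the writer and an independent verifier, not in the store itself. The lineage walk is the audit answer to "which arguments actually ran": the executed call traces back through the oversight record, while the model's proposal remains in the log as a branch that nothing downstream descends from.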
Where data lives if you use Fuze Control
The managed backbone runs in the EU.
If you self-host, data lives wherever you point the emitter — Fuze never sees it. If you use the managed Fuze Control backbone, the platform runs from the EU, with Frankfurt as the planned primary region. Specific availability-zone topology, replication policy, and any future regions will be documented in the trust report rather than asserted on this page.
The mark in the footer of every Fuze page reads © 2026 Fuze Systems · Frankfurt — that is where the company operates from, and it is the same answer for the platform.
Forthcoming
The trust report ships with the first paid tier.
Until then, this page is intentionally short. We do not claim certifications we have not been audited against, we do not advertise an encryption posture we have not published in writing, and we do not list sub-processors before the list is signed off. The items below will be addressed in the trust report:
- Data residency — specific region, replication policy, future regions
- Encryption at rest and in transit — algorithms, key custody, rotation cadence
- Sub-processors — legal entities, locations, purposes, transfer mechanisms
- Certification status — ISO 27001, SOC 2, and any sector-specific schemes
- CLOUD Act exposure — control-plane analysis, mitigations, EU-only options
- Penetration testing — cadence, scope, remediation SLAs
- Incident response — detection, notification windows, GDPR Art. 33 alignment
If you are evaluating Fuze for a procurement process that needs an answer before the report is published, email hello@fuze.ai and we will share the current draft under NDA.
Vulnerability disclosure
How to report something.
The vulnerability disclosure policy lives in SECURITY.md at the root of the SDK repo. Reports go to security@fuze.ai. Include a description of the issue, the affected package and version (npm ls @fuze-ai/agent is helpful), a reproduction, and your assessment of impact. Encrypt sensitive details if you can — the PGP fingerprint is published at /.well-known/pgp.txt.
Do not open public GitHub issues for vulnerability reports. Disclosure timelines (acknowledgement, initial assessment, fix or mitigation, coordinated public disclosure) are documented in SECURITY.md.
We do not currently operate a paid bug bounty. Reporters who follow the process are credited in the changelog for the release that contains the fix unless they ask to remain anonymous.
GDPR and data subject rights
Export and erasure are dashboard features.
Fuze is a processor for evidence data the deployer captures with the SDK. The dashboard offers self-serve export and erasure for that data, so a data subject request can be fulfilled without opening a support ticket. Lawful basis enforcement is part of the agent type system in the Agent SDK — agents that touch a data class without a declared lawful basis fail at compile time.
The Article 33 (personal data breach) notification process, the SCCs used with US-domiciled sub-processors, and the Transfer Impact Assessment summaries will be set out in the Data Processing Agreement and the trust report rather than narrated on this page. The privacy notice — what we collect on the marketing site, how long we keep it, who it goes to — lives at /privacy.
Next
Read the spec, run the SDK, decide for yourself.
The SDK is MIT-licensed. The evidence schema and the signing format are open. Self-host the SDK alone or take the managed Fuze Control dashboard on top once the trust report ships.