Trust & Security

Security at Adam.

Keeping your data safe is the foundation everything else rests on. This page covers how we protect it, how to tell us when something looks wrong, and how to reach us when you'd rather not say who you are.

01

How we protect your data

The short version of Adam's security posture. The full detail, including every subprocessor, data residency, and our patch SLAs, lives on the Trust & Compliance page.

Encryption everywhere
TLS 1.2+ for data in transit and AES-256 at rest, across the database, file storage, and backups.
Isolated infrastructure
Agent work runs in per-user sandboxes that are stopped after inactivity and rebuilt on demand. Sandbox state never lands in backups.
Least-privilege access
MFA on every employee account, production access limited to the minimum necessary, and regular access reviews.
Data minimization
Model inputs are not used for training under our providers' commercial terms, and user content is deleted within 30 days of account closure.

Want the specifics? Read the full Trust & Compliance page.

02

Found a vulnerability?

We run a bug bounty program and pay for valid, in-scope findings. Reports don't require an account.

Bug bounty program
If you've found a security issue in Adam, we want to hear about it. The program page covers scope, rules, safe harbor, and rewards, and includes the report form.
View the bug bounty program
03

Speak up, anonymously

For concerns that need more discretion than a support ticket: misuse, safety issues, ethical concerns, or anything else you think we should know.

Anonymous whistleblower channel
Reports go straight to the Adam team. You don't need an account, and we keep nothing that could identify you: no name, no session, no IP address. Just the words you send.