Security
How LiveBridge handles your data, your LLM keys, and your VPS. We’re a small team building this carefully — honest about the threat model, not pretending to be SOC 2 certified.
Tenant isolation
- One dedicated DigitalOcean droplet per customer. No shared compute, no shared database, no noisy neighbours. The blast radius of any single-customer compromise is that one VM.
- Per-customer subdomain with Let’s Encrypt TLS issued by Caddy at provisioning time. All traffic is TLS 1.3 only; HTTP/2 + HSTS preloaded.
- ufw firewall locked to 22/80/443 on every customer VPS. No other inbound port is reachable from the internet.
- fail2ban watches SSH and bans IPs after repeated failed auth attempts.
- Cross-tenant network isolation — the control plane talks to customer VPSes only via the public TLS endpoints, never via a shared private network.
Your LLM keys
- Bring your own keys. Anthropic / OpenAI / Gemini keys are pasted by you, on your VPS, through the agent dashboard.
- Keys never cross our control plane. They live on your VPS’s disk and are read directly by the agent runtime container. We have no copy, no log, no replication.
- You pay the LLM provider directly. We don’t see your token usage, your rate-limit posture, or your model choice.
- Rotate any time in the agent dashboard. Revocation is immediate — the container picks up the new key on next call.
- On cancellation we destroy the VPS and the keys with it within 30 days.
Source code & image supply chain
- Pre-built Docker images from a private DigitalOcean Container Registry. Your VPS pulls them with a read-only token scoped to one registry. Our source code never lives on a customer machine.
- Image tags are immutable — a release pins a specific SHA. Rollback is one tag change.
- Open-source dependencies are vendored where security-critical: OpenClaw (MIT, sponsored by OpenAI / GitHub / NVIDIA / Vercel) for the agent runtime, Caddy for TLS, Postgres for state, Node 22 LTS for everything else.
Encryption
- In transit: TLS 1.3 everywhere, HSTS preloaded, no HTTP fallback. Customer-VPS subdomains use auto-issued Let’s Encrypt certs renewed by Caddy.
- At rest: DigitalOcean droplet disks are encrypted at the storage layer. Customer LLM keys + agent memory live behind chmod 600 + uid 1001 inside the container’s mounted volume.
- Database passwords + JWT secrets are generated per-customer at provision time using crypto.randomBytes(32). Stored only on the customer VPS and in our control-plane DB for support access.
Authentication
- Per-customer gateway token for the agent dashboard. 64-hex random, baked into the OpenClaw runtime at provision time and shown on the customer’s landing page.
- MCP endpoint auth by per-customer JWT signed with a per-customer secret. Claude.ai connects with that token; the relay rejects requests with any other signature.
- Operator access to the control plane via a single operator token in .env (mode 600, rotated every 90 days). Multi-operator JWT auth is on the roadmap.
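The per-customer JWT check described above, as an added example that is not LiveBridge code. It assumes HS256, a `sub` claim holding the customer slug, an `exp` claim in seconds, and hypothetical function names; the secrets are constructed with crypto.randomBytes(32) as the Encryption section describes.

```javascript
const crypto = require("node:crypto");

const b64u = (data) => Buffer.from(data).toString("base64url");

// Constructed per-customer secrets (32 random bytes each).
const SECRETS = new Map([
  ["acme", crypto.randomBytes(32)],
  ["globex", crypto.randomBytes(32)],
]);

function signToken(slug, secret, expSec) {
  const head = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64u(JSON.stringify({ sub: slug, exp: expSec }));
  const sig = crypto.createHmac("sha256", secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64u(sig)}`;
}

// The tenant comes from the endpoint being called (its subdomain), never from
// the token, so a token is only ever checked against that tenant's own secret.
function verifyForTenant(token, tenantSlug, nowSec) {
  const secret = SECRETS.get(tenantSlug);
  const parts = String(token).split(".");
  if (!secret || parts.length !== 3) return false;
  let head, claims;
  try {
    head = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  } catch {
    return false;
  }
  // Pin the algorithm: "none" and anything else the header asks for is refused.
  if (!head || !claims || head.alg !== "HS256") return false;
  const expected = crypto
    .createHmac("sha256", secret)
    .update(`${parts[0]}.${parts[1]}`)
    .digest();
  const given = Buffer.from(parts[2], "base64url");
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length) return false;
  if (!crypto.timingSafeEqual(given, expected)) return false;
  return claims.sub === tenantSlug && Number.isFinite(claims.exp) && claims.exp > nowSec;
}
```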
Provisioning safety
- Strict input validation before any value reaches the cloud-init template — slug must match [a-z0-9][a-z0-9-]{1,30}[a-z0-9], email must match RFC 5322 short form. Newline or quote in either is rejected.
- Atomic rollback on any provision step failure. The worker deletes the droplet + every Cloudflare DNS record it created + marks the customer as failed. You never receive a half-deployed VPS.
- Idempotency keys on every provisioning job, deduped against Stripe’s event id so a webhook retry doesn’t double-provision.
- Healthz polling with a 12-minute budget before declaring a provision failed. Caddy TLS issuance + Docker image pull + agent startup typically completes in 7–8 min.
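The input validation described in the first item above, as an added example that is not LiveBridge code. The slug pattern is the one on this page, anchored at both ends; the email pattern, the function names and the cloud-init template are assumptions made for illustration.

```javascript
const SLUG_RE = /^[a-z0-9][a-z0-9-]{1,30}[a-z0-9]$/; // page's pattern, anchored
// Assumed "short form": ASCII local part, "@", dot-separated domain labels.
const EMAIL_RE = /^[A-Za-z0-9.!#$%&*+\/=?^_{|}~-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;
const FORBIDDEN_RE = /[\r\n"']/; // newline or quote in either field

function validateProvisionInput(input) {
  const errors = [];
  for (const field of ["slug", "email"]) {
    const value = input[field];
    if (typeof value !== "string") errors.push(`${field}: must be a string`);
    else if (FORBIDDEN_RE.test(value)) errors.push(`${field}: newline or quote`);
  }
  if (typeof input.slug === "string" && !SLUG_RE.test(input.slug)) {
    errors.push("slug: does not match the allowed pattern");
  }
  if (typeof input.email === "string" &&
      (input.email.length > 254 || !EMAIL_RE.test(input.email))) {
    errors.push("email: does not match the allowed pattern");
  }
  return { ok: errors.length === 0, errors };
}

// Hypothetical template: values are interpolated only after validation passes,
// so a value can never open a new YAML key or close a quoted string.
function renderCloudInit(input) {
  const { ok, errors } = validateProvisionInput(input);
  if (!ok) throw new Error(`provision input rejected: ${errors.join("; ")}`);
  return `#cloud-config\nhostname: ${input.slug}\n# owner: ${input.email}\n`;
}

// Constructed inputs: the first is valid, each of the others breaks one rule.
const SAMPLES = [
  { slug: "acme-01", email: "ops@example.com" },
  { slug: "acme\nruncmd: []", email: "ops@example.com" }, // newline in slug
  { slug: "ab", email: "ops@example.com" },               // below minimum length
  { slug: "acme-01", email: 'ops"@example.com' },         // quote in email
];

function checkSamples() {
  return SAMPLES.map((sample) => validateProvisionInput(sample).ok);
}
```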
Backups
- Customer Postgres on each VPS will be dumped daily to DigitalOcean Spaces in a follow-up sprint. Retention 7 days on the Standard tier, longer on Enterprise.
- Agent memory files are markdown in a named Docker volume, backed up alongside Postgres.
- You can download a full export of your workspace from the agent dashboard at any time.
Rate limits
- Per-customer WebSocket on the relay is rate-limited at 60 bursts / 20 tokens/sec refill. Excess frames are dropped silently.
- Control-plane public endpoints have global rate limits behind Cloudflare; the waitlist signup is capped at 5 req/IP/hour.
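The relay limit described in the first item above, as an added example that is not LiveBridge code. It assumes the figures mean a bucket of 60 tokens refilled at 20 per second with one token per frame; the class and function names are hypothetical, and the drop counter is an addition so that silent drops remain visible to the operator.

```javascript
class FrameBucket {
  constructor({ capacity = 60, refillPerSec = 20, nowMs = 0 } = {}) {
    this.capacity = capacity;
    this.refillPerSec = refillPerSec;
    this.tokens = capacity; // a new connection starts with a full burst allowance
    this.lastMs = nowMs;
    this.dropped = 0;
  }

  // The clock is passed in so the behaviour is deterministic under test.
  allow(nowMs) {
    const elapsedSec = Math.max(0, nowMs - this.lastMs) / 1000;
    this.tokens = Math.min(this.capacity, this.tokens + elapsedSec * this.refillPerSec);
    this.lastMs = Math.max(this.lastMs, nowMs); // ignore a clock that steps backwards
    if (this.tokens >= 1) {
      this.tokens -= 1;
      return true;
    }
    // The client gets no error frame, but the drop is still counted.
    this.dropped += 1;
    return false;
  }
}

// Offer `count` frames at one instant and report how many were accepted.
function sendBurst(bucket, count, atMs) {
  let accepted = 0;
  for (let i = 0; i < count; i++) {
    if (bucket.allow(atMs)) accepted += 1;
  }
  return accepted;
}

// Constructed traffic: 100 frames at t=0, t=1s and t=10s on one connection.
function demo() {
  const bucket = new FrameBucket();
  const accepted = [0, 1000, 10000].map((t) => sendBurst(bucket, 100, t));
  return { accepted, dropped: bucket.dropped };
}
```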
Headers we send
- Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
- X-Content-Type-Options: nosniff
- X-Frame-Options: DENY
- Referrer-Policy: strict-origin-when-cross-origin
- Permissions-Policy denies camera, microphone, geolocation, USB, payment, accelerometer, gyroscope, magnetometer.
Vulnerability disclosure
Email security@livebridge.cloud. We respond within 48 hours. PGP key on request. We’ll credit reporters publicly with permission.
Compliance posture
We are not SOC 2 / ISO 27001 / HIPAA / GDPR DPA-ready today. We’re building toward SOC 2 once revenue justifies the audit. If you need a DPA or BAA right now, email novu@livebridge.cloud and we’ll discuss what we can offer in writing.
What we don’t do
- We don’t use your data to train anything.
- We don’t resell your data to anyone.
- We don’t aggregate metrics across customers in a way that could identify yours.
- We don’t store your LLM keys, your agent prompts, or your agent memory anywhere outside your VPS.