Security Overview

Last updated: March 2026

Security Principles

POM is a multi-agent AI orchestration platform that enables organizations to deploy, govern, monitor, and scale autonomous AI agents. Security is foundational to POM's architecture.

POM is built on four core principles:

  • Customer-owned data. POM does not train models on customer data. POM does not sell customer data. Customers retain full ownership and control of all data processed through POM.

  • No-training commitment. POM contractually requires all third-party AI providers to refrain from using customer data for model training. POM enforces paid-tier-only routing to ensure compliance with provider no-training policies.

  • Defense in depth. Multiple independent security layers protect customer data at every stage — process isolation, end-to-end encryption, TLS for all external communication, secure credential storage, and tool-level permission controls for agent actions.

  • Flexible deployment. POM supports local (self-hosted), fully managed cloud, and hybrid deployment. In local mode, customer data stays on the customer's machine. In cloud mode, customer data is processed and stored within POM's managed cloud infrastructure, encrypted at rest and in transit. Hybrid configurations combine both — for example, a local daemon with cloud execution for scheduled or background tasks. In all modes, data is only sent to AI providers when needed for inference.


Compliance

  Standard        Status
  SOC 2 Type II   In progress
  GDPR            Active — DPA available; Standard Contractual Clauses incorporated; EU-US Data Privacy Framework compliant
  CCPA/CPRA       Active — Service Provider certification in DPA
  EU AI Act       Assessment in progress (Aug 2026 deadline)
  HIPAA           Available upon request via Business Associate Agreement

Data Protection

Customer Data Handling

  • All data in transit is encrypted using TLS 1.2 or higher.
  • Cloud data at rest is encrypted using AES-256.
  • Credentials and secrets are stored in the operating system's native secure storage (e.g., macOS Keychain, Windows Credential Manager), never in plaintext.
  • POM recommends customers enable full-disk encryption for comprehensive local at-rest protection.

Data Retention

  • Local deployment: Customers control retention of all locally stored data and can delete it at any time.
  • Cloud deployment: POM manages data retention within its cloud infrastructure. Customers can delete session data at any time through the Service. Upon account termination, POM deletes customer data within 30 days.
  • AI provider data: Third-party AI providers retain data for limited periods as required by their respective policies (see Sub-processor List).
  • Account data: Upon account termination, POM deletes customer account data within 30 days, consistent with the Data Processing Agreement.

Data Portability

Customers can export their data at any time. POM stores data in standard, open formats — no proprietary format gates access to customer data. In local deployments, customer data remains intact and accessible on local machines regardless of POM service availability. In cloud deployments, POM provides data export functionality and retains customer data for 30 days following account termination to allow retrieval.


AI Provider Security

POM routes customer data through third-party AI model providers and may process data through POM's own internal models for operational purposes (such as routing optimization, query classification, and cybersecurity). POM does not use customer data for model training.

Third-Party Provider Requirements

POM evaluates all third-party AI providers against the following criteria:

  • Contractual commitment not to use customer data for model training
  • Data Processing Agreement meeting GDPR and CCPA requirements
  • Documented data retention and deletion practices
  • SOC 2 Type II or equivalent certification
  • Breach notification and incident response procedures

POM maintains a publicly available Sub-processor List documenting all third-party providers, their purposes, data handling practices, and no-training commitments. Enterprise customers receive 30 days' advance notice before new sub-processors are engaged.

POM Internal Models

POM may operate internal machine learning models for operational purposes including model routing optimization, query classification, and cybersecurity (e.g., threat detection and content filtering). These models process customer data only as necessary to operate the Service and do not use customer data for training.


Agent Security

AI agents orchestrated through POM operate within a layered security model:

  • Permission-based tool access. Agents do not have unrestricted access to system resources. Every action is classified by risk level and routed through POM's permission system — low-risk actions can be auto-approved, while high-risk and critical actions require explicit human approval.

  • Budget governance. Spending controls are enforced at the per-agent and organization level, with configurable caps and approval queues.

  • Human-in-the-loop. Human oversight is the default. Critical actions require explicit approval, and mobile clients enable remote oversight from any location.

  • Session isolation. Each agent session operates in its own isolated context. Sessions do not share memory, state, or permissions. Cloud sessions execute in hardware-isolated environments.

  • Workspace rollback. POM can create checkpoints before agents modify a workspace, enabling rollback to any previous state.
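The permission, budget, isolation and rollback layers listed above, as an added example that is not POM's code: a hypothetical tool-call gate in Python. The tool names, risk tiers, costs, the auto-approve threshold and the approval-queue flow are assumptions for illustration; the point is the shape of the control (default deny for unknown tools, budget checked before execution, human approval for anything above the auto-approve tier, a checkpoint taken before a mutating tool runs, and per-session state that is never shared).

```python
"""Hypothetical tool-call gate for an agent session (added example, not POM's code).

Shows the layers described above: risk-classified tool permissions with a human
approval queue, a per-agent budget cap, per-session state that is not shared,
and a workspace checkpoint taken before a mutating action so it can be rolled
back. Tool names, risk tiers and costs are assumptions for illustration.
"""
from __future__ import annotations

import copy
from dataclasses import dataclass, field
from enum import IntEnum


class Risk(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    CRITICAL = 4


# Assumed policy table: which tools exist and how risky each one is.
# Anything not listed is denied (default deny, least privilege).
TOOL_RISK: dict[str, Risk] = {
    "read_file": Risk.LOW,
    "search_web": Risk.LOW,
    "write_file": Risk.MEDIUM,
    "run_shell": Risk.HIGH,
    "send_payment": Risk.CRITICAL,
}

# Tools that can change the workspace get a checkpoint before they run.
MUTATING_TOOLS = {"write_file", "run_shell"}


@dataclass
class Decision:
    allowed: bool
    reason: str
    needs_human: bool = False


@dataclass
class AgentSession:
    """One isolated session: its own workspace, budget, checkpoints and queue."""

    agent_id: str
    budget_cents: int
    # Highest risk tier this session may approve without a human (assumed
    # default: only LOW, matching "low-risk actions can be auto-approved").
    auto_approve_max: Risk = Risk.LOW
    spent_cents: int = 0
    workspace: dict = field(default_factory=dict)
    checkpoints: list[dict] = field(default_factory=list)
    approval_queue: list[str] = field(default_factory=list)

    def checkpoint(self) -> int:
        """Snapshot the workspace; returns the checkpoint index."""
        self.checkpoints.append(copy.deepcopy(self.workspace))
        return len(self.checkpoints) - 1

    def rollback(self, index: int) -> None:
        """Restore the workspace to a checkpoint and drop later ones."""
        self.workspace = copy.deepcopy(self.checkpoints[index])
        del self.checkpoints[index + 1:]

    def request_tool(self, tool: str, cost_cents: int,
                     approved_by_human: bool = False) -> Decision:
        """Gate a tool call: unknown tools, over-budget calls and unapproved
        high-risk calls are refused; approved mutating calls are checkpointed."""
        risk = TOOL_RISK.get(tool)
        if risk is None:
            return Decision(False, f"unknown tool {tool!r}: denied by default")
        if self.spent_cents + cost_cents > self.budget_cents:
            return Decision(False, "per-agent budget cap would be exceeded")
        if risk > self.auto_approve_max and not approved_by_human:
            self.approval_queue.append(tool)
            return Decision(False, f"{risk.name} action queued for human approval",
                            needs_human=True)
        if tool in MUTATING_TOOLS:
            self.checkpoint()
        self.spent_cents += cost_cents
        return Decision(True, f"{risk.name} action approved")


def demo() -> dict:
    """Walk one session through the gate and return what happened."""
    s = AgentSession("agent-1", budget_cents=500)
    out = {}
    out["read"] = s.request_tool("read_file", 5).allowed
    out["shell_first"] = s.request_tool("run_shell", 50)      # queued for a human
    out["shell_approved"] = s.request_tool("run_shell", 50, approved_by_human=True)
    s.workspace["build.log"] = "agent output"                 # the tool's effect
    s.rollback(0)                                             # undo it
    out["workspace_after_rollback"] = dict(s.workspace)
    out["payment"] = s.request_tool("send_payment", 10_000)   # over budget
    out["unknown"] = s.request_tool("delete_user", 0)         # not in policy
    out["spent"] = s.spent_cents
    other = AgentSession("agent-2", budget_cents=100)         # separate state
    out["other_queue"] = list(other.approval_queue)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Two design choices worth noting: the budget check runs before the risk check so that a human is never asked to approve an action the session could not pay for, and the checkpoint is taken inside the gate rather than by the tool, so a tool cannot skip it.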


Authentication and Access Control

  • All requests require valid authentication — anonymous access is not supported.
  • Mobile devices pair via encrypted key exchange; pairings can be revoked at any time.
  • Role-based access control (RBAC) is available for team and enterprise deployments.
  • SSO integration via SAML 2.0 and OpenID Connect (OIDC) is supported for enterprise identity providers.
  • Credentials are stored in the operating system's native secure storage, never logged or transmitted to POM's servers.

Network Security

  • POM's local deployment has a minimal network footprint — no inbound connections are required.
  • Cloud deployments use network-level isolation between customer workloads, encrypted internal communication, and controlled egress.
  • POM's relay infrastructure for mobile connectivity uses end-to-end encryption — relay servers cannot read message content and do not store messages.
  • POM does not send usage telemetry or diagnostic data without explicit customer opt-in.

Incident Response

POM notifies affected customers of a confirmed security breach within 72 hours of confirmation, consistent with GDPR requirements and POM's Data Processing Agreement. Notification includes the nature of the breach, the categories of data affected, the likely consequences, and the measures taken.

Incidents are classified by severity (Critical, High, Medium, Low) with defined response timelines. Post-incident reports for critical incidents are shared with affected enterprise customers within 5 business days.

Security incidents should be reported to security@pom.dev.


Vulnerability Management

  • POM conducts regular dependency audits and vulnerability scanning across its technology stack.
  • Critical vulnerabilities are triaged within 24 hours and patched within 72 hours where feasible.
  • POM maintains a responsible disclosure program for external security researchers (security@pom.dev), with 48-hour acknowledgment of reports.

Business Continuity

  • Local deployment resilience. In local deployments, customer data is stored on the customer's machine and survives POM service disruptions.
  • Cloud deployment resilience. POM Cloud implements multi-region deployment with failover, database replication, and defined RTO/RPO targets.
  • Graceful degradation. If a single AI provider is unavailable, POM routes to alternatives automatically. Both local and cloud deployments are designed to continue operating during partial outages.

Detailed Security Documentation

For enterprise customers evaluating POM, a detailed security whitepaper is available under NDA covering architecture specifics, implementation details, and infrastructure design. To request access:

Email: security@pom.dev


Contact

  Resource                    Location
  Security questions          security@pom.dev
  Vulnerability disclosure    security@pom.dev
  Sub-processor list          askpom.com/legal/sub-processors
  Data Processing Agreement   askpom.com/legal/dpa
  Privacy Policy              askpom.com/legal/privacy

This document is reviewed and updated quarterly. For the most current version, visit askpom.com/security.

Pom Labs, Inc.

Questions about these terms? Contact us at legal@pom.dev