FerrFleet inherits the canonical FerrLabs platform security posture. The full list of controls — encryption at rest and in transit, identity and authentication, network isolation, vulnerability disclosure, audit logging, sub-processor management — is published at ferrlabs.com/security.
FerrFleet-specific posture
- Run isolation — each agent run executes in an ephemeral working directory; the runner process has no access to other tenants' data and is purged on completion.
- Secret injection — the Claude Code OAuth token used by the runner is injected from Vault at process start and never persisted in the run transcript.
- Transcript handling — run transcripts are stored encrypted at rest, scoped to the org, and deletable by the org owner. They are never used for model training.