Security

Brain Agents AI reads cost-and-optimization data from connected customer cloud accounts on a strictly read-only basis. The product never reads customer code, workloads, databases, storage objects, network traffic, secrets, or end-user data. Each customer workspace is stored in its own isolated dataset; queries cannot cross workspace boundaries. This page summarizes the overall posture; the linked pages below carry the depth.

Architecture overview

Brain Agents AI runs on Google Cloud in us-east1. Customer billing data, workspace configuration, and audit data all live in the same region.

The product is composed of small FastAPI microservices on Cloud Run, with Firestore for workspace and user state and BigQuery for normalized billing data. The marketing site is served from brainagents.ai; the authenticated application is served from app.brainagents.ai. Both are fronted by Cloudflare in proxied mode for edge protection and DDoS mitigation.

The Cloud Run services are publicly invokable. The security boundary is enforced at the application layer: every authenticated endpoint validates a Firebase-issued JWT before any business logic runs, and unauthenticated endpoints (signup, login, webhook receivers) carry endpoint-specific checks (signature verification, single-use invite tokens, pre-auth flows). The Cloud Run IAM perimeter is intentionally not relied on as a defense for these services; JWT validation at the FastAPI layer is.
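As an added illustration of the application-layer gate described above (this is example code, not Brain Agents AI's own), the stand-alone Python sketch below shows the order of operations on an authenticated endpoint: parse the bearer token, verify signature and claims, check workspace scope, and only then run business logic. Firebase ID tokens are RS256-signed and verified against Google's published keys (in production via firebase_admin.auth.verify_id_token); so that it runs offline, this example signs with a constructed HS256 secret instead, uses a placeholder project id, and assumes a custom `workspace` claim that the page does not describe. The issuer, audience, expiry and subject checks mirror what a Firebase verifier enforces.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for this offline example. A real deployment verifies RS256
# signatures against the Firebase/Google public keys for the project instead.
PROJECT_ID = "example-project"               # placeholder Firebase project id
SIGNING_SECRET = b"constructed-demo-secret"  # HS256 key, demo only


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def mint_token(claims: dict) -> str:
    """Build an HS256 JWT (test helper standing in for the Firebase issuer)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


class AuthError(Exception):
    pass


def verify_id_token(token: str, now=None) -> dict:
    """Verify structure, signature and claims; raise AuthError on any failure."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise AuthError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(body_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        raise AuthError("malformed token")
    # Pin the algorithm: the header never gets to choose the verifier.
    if header.get("alg") != "HS256":
        raise AuthError("unexpected alg")
    expected = hmac.new(SIGNING_SECRET, f"{header_b64}.{body_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise AuthError("bad signature")
    # Claim checks a Firebase verifier performs for ID tokens.
    if claims.get("iss") != f"https://securetoken.google.com/{PROJECT_ID}":
        raise AuthError("wrong issuer")
    if claims.get("aud") != PROJECT_ID:
        raise AuthError("wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise AuthError("expired")
    if not isinstance(claims.get("iat"), (int, float)) or claims["iat"] > now + 60:
        raise AuthError("issued in the future")
    if not claims.get("sub"):
        raise AuthError("missing subject")
    return claims


def handle_request(headers: dict, workspace_id: str, now=None) -> dict:
    """Authenticated endpoint: the auth gate runs before any business logic."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return {"status": 401, "error": "missing bearer token"}
    try:
        claims = verify_id_token(auth[len("Bearer "):], now=now)
    except AuthError as e:
        return {"status": 401, "error": str(e)}
    # Workspace scoping (assumed custom claim): a valid token for another
    # workspace is authenticated but not authorized for this one.
    if claims.get("workspace") != workspace_id:
        return {"status": 403, "error": "workspace mismatch"}
    # Business logic would run here; return the resolved identity instead.
    return {"status": 200, "uid": claims["sub"], "workspace": workspace_id}


if __name__ == "__main__":
    now = int(time.time())
    token = mint_token({"iss": f"https://securetoken.google.com/{PROJECT_ID}",
                        "aud": PROJECT_ID, "sub": "uid-1", "iat": now - 10,
                        "exp": now + 3600, "workspace": "ws-a"})
    print(handle_request({"Authorization": f"Bearer {token}"}, "ws-a"))
    print(handle_request({"Authorization": f"Bearer {token}"}, "ws-b"))
    print(handle_request({}, "ws-a"))
```

The gate returns a response rather than raising, so a framework adapter (a FastAPI dependency, for instance) can map 401/403 straight to HTTP status codes; the signature check uses a constant-time comparison, and the algorithm is pinned before the signature is examined.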

For the data flow end-to-end, including the per-stage diagram, see /security/data-flow.

Data handling

What is read. Cost-and-optimization data only: line-item billing data normalized to FOCUS v1.2, optimization recommendations from each cloud's native advisors, and the resource metadata required to interpret cost. Nothing else.

What is stored. Raw billing snapshots land in Google Cloud Storage in us-east1 with a 90-day retention policy. Normalized data is loaded into BigQuery in us-east1, with one isolated dataset per workspace. Workspace configuration and sync metadata live in Firestore in us-east1.

What is NOT read. Brain Agents AI does not read customer code, workload contents, databases, storage objects, network traffic, secrets, or end-user data. The permissions granted at connection time (described below) do not grant any of that, and the product does not request it.

The full data flow, including per-stage handling and storage detail, is at /security/data-flow.

Encryption

At rest. Default Google Cloud encryption is applied to all customer data at rest in Firestore, BigQuery, and Google Cloud Storage. Encryption keys are managed by Google Cloud.

In transit. TLS 1.2 or higher is required on all endpoints. Cloudflare is configured in Full (strict) SSL/TLS mode with origin certificates installed on Cloud Run, so traffic is encrypted end-to-end between the customer's browser, the Cloudflare edge, and the Cloud Run origin.

Access scope on the customer's cloud

When a customer connects a cloud, they grant a narrow, read-only permission scoped to billing and cost-optimization data. The customer's account remains theirs; their compute, storage, networking, and data resources are unaffected.

  • GCP — IAM binding for read on the BigQuery billing export dataset, plus access to the Recommender API.
  • AWS — IAM role for the CUR 2.0 / FOCUS export, plus access to Cost Explorer and Compute Optimizer.
  • Azure — Lighthouse delegation for the Cost Management export, plus access to Azure Advisor.

Each binding is independently revocable. Disconnecting one cloud purges that cloud's data and leaves the others running. The full per-cloud table, including what each binding does and does not grant, is at /security/data-flow.

Authentication and account security

Authentication is handled by Google Cloud Identity Platform (Firebase Authentication). Accounts are scoped to a single workspace at creation time; cross-workspace access requires an explicit invitation.

Multi-factor authentication is available for all accounts via Firebase Authentication. Customers can enable MFA from their account security settings.

Passwords. Firebase Authentication enforces a minimum-length policy and rejects passwords known to be compromised. Password hashes are never visible to Brain Agents AI.

Sessions. Sessions use short-lived ID tokens with refresh-token rotation handled by Firebase Authentication. Tokens are validated server-side on every authenticated API call.

Operational practices

Engineering access. Access by Brain Agents AI engineering personnel to customer data is granted on a least-privilege basis and is logged via Google Cloud Audit Logs (Data Access logs are enabled on Firestore and on customer-data BigQuery datasets, with an exclusion filter to avoid logging routine product sync queries). Access is reviewed periodically.

Alerting. Backend services emit structured logs to Google Cloud Logging. Errors at ERROR and CRITICAL severity also trigger an email alert to the Brain Agents AI operations address via Resend, so production-impacting errors surface immediately for triage. This is an internal, operational channel.

Incident response. Brain Agents AI does not yet maintain a formal incident-response runbook. The current practice is: surface via the alerting path above, triage by the on-call founder-engineer, communicate to affected customers by email if customer data or service availability is materially affected, and document the incident internally. A formal runbook is part of post-launch compliance work.

Backups and recovery. Firestore is configured with point-in-time recovery (PITR), and BigQuery's built-in time-travel provides a 7-day recovery window on every dataset. There is no separate custom backup product; recovery relies on these built-in Google Cloud capabilities.

Compliance posture

Brain Agents AI does not currently maintain external attestations. Architecture follows GCP best practices and least-privilege access principles. Formal compliance work is scheduled post-launch.

Reporting a vulnerability

Send security reports to security@brainagents.ai. We acknowledge security reports within 5 business days.

In scope. The brainagents.ai and app.brainagents.ai services, and the data flow described at /security/data-flow.

Out of scope. Third-party services beyond our control, social engineering of staff or customers, denial-of-service testing, and automated scanning that generates significant load. Findings against staging or sandbox environments not exposed at the addresses above are also out of scope.

When reporting, please include the affected URL or endpoint, reproduction steps, and any proof-of-concept material. We do not currently operate a paid bug bounty.

Related pages

  • /security/data-flow — what data is read, where it is stored, and how it flows through the Service
  • /security/subprocessors — every third party that processes data on behalf of customers
  • /security/disconnect — what happens to data on cloud disconnect, subscription cancellation, and workspace deletion
  • /privacy — privacy practices and data-subject rights

Contact

For security and vulnerability matters: security@brainagents.ai. For privacy and data-rights matters: privacy@brainagents.ai.
Last updated: April 28, 2026.