SabanaTech

Security

Security, in plain terms.

This page is the short version — enough for a CIO to green-light a pilot. The long version is our DPA and our ISO-aligned control summary, available under NDA.

ISO 27001-alignedUiPath PartnerGDPR & LGPD ready

The six controls behind every SabanaTech engagement.

Least-privilege by default

Named accounts, role-based access, and time-bound credentials for every engagement. No shared tenant admins.

Credentials never leave your tenant

Bot credentials live in your vault (UiPath Orchestrator, Azure Key Vault, AWS Secrets Manager). We read them at run time, not at rest.

Everything is logged

Every automation run, every agent tool call, every model inference — captured with inputs, outputs, and operator identity.

Data residency you can prove

We deploy in-region wherever required. No data leaves the customer tenant unless an explicit DPA permits it.

Change control that auditors recognise

All bot and agent changes go through CI/CD with peer review, environment promotion, and signed releases.

Human-in-the-loop on the moves that matter

Any action above a configurable threshold — payment release, refund, credit change — requires named human approval.

What we sign before we start.

Before any work begins we execute the standard package: NDA, DPA with your preferred data-residency and sub-processor terms, SCCs where they apply, and a Master Services Agreement that mirrors your procurement template where possible.

Incident response

On any suspected security event we notify a named incident contact at your side within 24 hours, triage within 48, and deliver a written post-mortem within 10 business days. We carry cyber-liability insurance appropriate to our client mix.

Model and AI safety

Agentic workflows run through policy-guarded tools, with retrieval limited to the knowledge bases you approve and hallucination-sensitive outputs passed through a human-in-the-loop before they affect your systems of record.

How to ask us anything

Security reviews can be long. We answer questionnaires in 5 business days as a matter of course. Reach us at security@sabanatech.com.