Security you can hand to your compliance team.
Your credentials never touch the model. Every sensitive action waits for your approval. And your data never trains a model — not ours, not anyone’s.
You’re in control.
You approve every action
Giga never moves money, sends an external email, or pushes code without your explicit sign-off in Slack.
Disconnect at any time
Pause a user, kill a running task, or revoke any integration in one click — no support ticket required.
Connect only what you need
Admins decide which tools Giga can reach, who can use them, and at what scope.
Independently audited. Continuously verified.
The audit reports are real, the controls are monitored, and the next audit is always on the calendar.
Independent attestation that our security controls operate as designed. Type II in progress.
Report available under NDA.
EU data-protection requirements met across processing and storage.
DPA available on request.
California Consumer Privacy Act requirements met.
Privacy documentation available.
Cloud Application Security Assessment — required tier for sensitive Google API access.
Attestation included in compliance pack.
OAuth scopes and security posture vetted by Slack before shipment through the store.
Public App Directory listing.
ISMS controls implementation and evidence collection underway.
Controls overview today; evidence after certification.
What Giga does. What Giga does not.
Exactly what Giga touches — and what it never does.
What Giga does
Encrypts everything
TLS 1.2+ in transit. AES-256 at rest. Secrets held in dedicated, access-logged vaults.
Authenticates with SSO
SAML SSO across Okta, Entra ID, Google Workspace, OneLogin, and any SAML 2.0 IdP.
Offers data residency
US-hosted by default. EU data residency available on Enterprise contracts.
Revokes instantly
Admins can disconnect any integration, pause any user, or kill a running task in one click.
What Giga does not
Train on your data
Your conversations and files never enter a training set — not ours, not our model providers’.
Read your secrets
API keys and tokens are injected at execution time by the tool gateway. The model never sees them.
Act without approval
Money moves, code pushes, and customer emails wait for your explicit approval in Slack.
Share across workspaces
Skills, integrations, and memory are walled off per workspace. No cross-tenant access.
AI brings new risks. We built for them.
An AI coworker introduces attack surfaces traditional SaaS doesn’t. Three controls keep that surface small.
Prompt-injection defense
Untrusted content is rendered as data, not commands. High-risk tools sit behind human approval — an injection still can’t move money or push code.
Named providers, no-training contracts
Inference runs on OpenAI, Anthropic, and Google. Each is on our public sub-processor list with a no-training agreement for Giga traffic.
Workspace isolation
Every workspace runs in a sandboxed execution environment. Skills, integrations, and memory are scoped to one tenant — what happens in your Slack stays in your Slack.
Giga’s data & engineering principles.
Store only what we need
We keep the logs and session data required to make Giga work well — and nothing more. No silent data hoarding.
We don’t train a model
Some agent companies quietly use your data to train. We don’t. We provide a service and ask you to pay for it.
Your data is encapsulated
Your data and another customer’s data can never touch. Tenants are isolated, and your keys are stored securely, never exposed to the model.
Questions for your security review?
Request our compliance pack, a DPA, or a deep-dive with our team. We’ll get your procurement unblocked fast.

