Security at Locus Founder
Locus Founder runs entirely on AWS inside an isolated, private network. Data is encrypted
in transit (TLS 1.2 and above) and at rest (AES-256), each customer's workspace is
logically isolated from every other, and the third-party credentials we hold on your
behalf are encrypted a second time at the application layer. We are currently completing
a SOC 2 Type II audit.
Our approach
Locus Founder is an AI agent that launches and operates internet businesses on your behalf.
To do that, we hold credentials, customer data, and operating context that you trust us to
protect. We design the platform so that security is enforced by the architecture: isolated
environments, least-privilege access, encryption by default, and reviewed, automated
deployments, rather than by manual process alone.
Reporting a vulnerability
Found a vulnerability? Email security@paywithlocus.com. We operate a coordinated-disclosure policy with safe harbor for good-faith research.