Protecting your infrastructure
RouterMCP is built and operated by the RouterMCP team. We design for secure defaults, defense‑in‑depth, and least privilege across product, platform, and operations.
Data Protection
All endpoints enforce TLS. Data is encrypted at rest where supported by our providers.
- TLS for all traffic
- At‑rest encryption for storage
- Key/secret rotation procedures
Access Controls
Least privilege and isolation at the core of our infrastructure.
- Project and environment isolation
- Role‑based access (RBAC)
- Per‑tool enablement and defaults
Policies & Guardrails
Programmable safety layers for your agent connections.
- Rate limits and timeouts
- IP allowlists
- Request size and concurrency controls
Audit & Observability
Complete visibility into every tool call and configuration change.
- Structured logs with latency and errors
- Export to your SIEM (Enterprise)
- Project‑level dashboards
Vulnerability Management
Regular scanning and patching to maintain a hardened surface.
- Automated scanning and patching
- Dependency updates and review
- Hardened container images
Responsible Disclosure
Found a vulnerability? Please report it so we can investigate promptly.
- Coordinated vulnerability disclosure
- Prompt remediation timeline
- Security hall of fame
Incident Response
Our team follows a rigorous incident management process including triage, containment, remediation, and post‑incident review with root‑cause analysis.
Enterprise Compliance
SSO/SAML, SCIM, SIEM exports, and dedicated SLAs are available for Enterprise customers.
Effective date: October 3, 2025