Terra is building agent-native infrastructure for Offensive Security, and we hold our own operations to the standards we help our customers enforce. This page is the source of record for Terra's commitments to security, privacy, compliance, and corporate responsibility.
Terra maintains a security program designed to meet the requirements of enterprises operating in regulated industries. Controls are independently audited and continuously monitored. Security reports, policies, and completed questionnaires are available by request.
Terra operates as a data processor for customer-controlled information and as a data controller for limited business and account data. Our practices are designed to align with the world's most rigorous privacy frameworks.
A standard Data Processing Agreement is available for review and execution alongside the Master Services Agreement. The DPA incorporates Standard Contractual Clauses and reflects current sub-processor obligations.
Customer data is processed in [region] with regional residency options available for enterprise customers on request. Customer data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256 or equivalent industry-standard encryption.
Terra operates autonomous agents that perform security testing on behalf of our customers. The boundaries within which those agents operate are foundational to the design of Terra Platform™.
Every engagement begins with explicit, documented authorization, and agents operate strictly within the defined scope.
Customer environments, findings, and engagement data are logically isolated. Findings from one customer are never shared, exposed, or used to inform testing in another customer's environment.
Every action taken by a Terra agent is attributable, logged, and auditable. Customers retain full visibility into agent activity within their scope, including request-level detail where required for investigation or compliance review.
Terra develops and deploys its models and agents with safeguards aligned to the NIST AI Risk Management Framework. Our approach addresses model misuse, resilience to prompt injection, and the secure handling of customer-derived data used in agent reasoning.
Terra's commitments extend beyond the technical. The standards we hold ourselves to in business conduct, supply chain integrity, and human rights are documented and enforced.
All Terra personnel are required to read and acknowledge the Terra Code of Conduct. The Code addresses ethical decision-making, conflicts of interest, harassment, and acceptable use of company resources.
Suppliers and contractors engaged by Terra are required to meet the standards set forth in our Supplier Code of Conduct, including labor, environmental, and ethical sourcing requirements.
Our hiring practices apply consistent, role-specific criteria to every candidate, and we source deliberately across backgrounds, experience paths, and geographies. We comply with applicable equal employment opportunity and non-discrimination laws in the jurisdictions where we operate.
Terra is committed to preventing modern slavery and human trafficking within our operations and supply chain. We expect the same commitment from every supplier and partner. Our annual statement is published in accordance with the principles of the UK Modern Slavery Act 2015 and is available on request.
The agreements and policies that govern Terra's products, services, and customer relationships are available below.
Terms of Service. [Link]
Privacy Policy. [Link]
Master Services Agreement. [Link or "available on request"]
Data Processing Agreement. [Link]
Acceptable Use Policy. [Link]
Cookie Policy. [Link]