Security and data handling

How Qoren secures managed agent environments.

Agents hold credentials and take actions, so the platform that runs them has to be specific about security. This page describes how Qoren isolates environments, protects secrets, limits what a single agent can do, and handles your data, including the third-party services involved.

Direct answer

How does Qoren secure hosted agents?

Each environment is a dedicated, isolated cloud machine, and each agent on it runs as its own system user with hard memory and CPU limits. Stored secrets are encrypted at rest with AES-256-GCM and revealed only where the agent needs them. Model spend stops at a hard cap you set. Magentic Studio, the Portugal-based operator, acts as GDPR controller for account data and as your processor for data your agents handle, with a DPA available on request.

Isolation
A dedicated machine per environment
Secrets at rest
AES-256-GCM encrypted
Spend
Hard caps; prepaid, never open-ended
Jurisdiction
Portugal (EU), GDPR, SCCs

Subprocessors and third-party services

The services Qoren uses to operate the platform, and what each one touches.

ServiceRoleData involved
DigitalOceanHosts agent environment machines.Agent workspaces, files, and runtime state.
OpenRouterModel access for managed keys and BYOK.The inputs and outputs your agents send to models.
ConvexApplication backend and database.Account, configuration, and operational data.
PolarPayment processing.Billing details; full card numbers never reach Qoren.
PostHog (EU)Product analytics.Usage events and device data.
ResendTransactional email.Email addresses and message content we send you.
AgentMailPer-agent email inboxes (optional add-on).Mail sent and received by agent inboxes you enable.

Isolation: one environment, one machine

Every Qoren environment is a dedicated virtual machine provisioned for you on DigitalOcean, not a shared container pool. One client's or project's agents, secrets, files, and logs live on their own machine, separated from every other environment you run and from every other customer. Within a machine, each agent runs under its own system user with enforced memory and CPU ceilings, so a runaway agent is contained twice: by its user boundary and by its resource limits.

  • Dedicated virtual machine per environment.
  • Dedicated system user per agent, with memory and CPU limits enforced by the service manager.
  • No shared agents, secrets, or workspaces across environments.

Secrets: encrypted at rest, revealed deliberately

Credentials you store in the vault are encrypted at rest with AES-256-GCM. Listings are write-only by default: the dashboard shows that a secret exists, not its value, and revealing a value is an explicit, audited action. Secrets are injected into an agent's environment only when you opt them in, and SSH keys used to manage machines are stored encrypted and decrypted only into ephemeral files during use. Traffic between your browser, the platform, and agent machines is encrypted in transit.

  • AES-256-GCM encryption at rest for stored secrets and SSH keys.
  • Write-only listings; value reveals are explicit and audited.
  • Per-agent injection you opt into, not blanket sharing.
  • TLS in transit throughout.

Blast radius: what one compromised agent can reach

The platform assumes any single agent could misbehave and keeps the damage bounded. An agent sees only the credentials you gave it, on the machine of its own environment, under its own system user. Model spend draws from your plan allowance and prepaid credits and stops at the cap, so a looping agent cannot generate an open-ended bill. Health monitoring raises alerts when an agent's process fails, goes offline, or degrades, and current service status is public.

  • Least-privilege by structure: per-agent user, per-environment machine, opt-in secrets.
  • Hard spend caps; you are never billed for usage you did not pre-pay.
  • Health alerts on failures, offline machines, and degraded agents.

Sources: Qoren service status

Account access

Sign-in supports GitHub and Google OAuth, email one-time codes, and passwords. Billing is handled by Polar; Qoren does not store full card numbers.

Your data: controller, processor, and the DPA

Magentic Studio is the data controller for your account data. For personal data your agents process on behalf of your business or your clients, you are the controller and Qoren acts as your processor, following your instructions and configuration. A data processing agreement is available on request. Data may be processed outside the EEA through subprocessors, protected by the European Commission's Standard Contractual Clauses. When you delete your account, associated data is removed in a cascade rather than orphaned.

  • GDPR controller/processor split, stated plainly in the privacy policy.
  • DPA available on request at hello@magentic.studio.
  • EU-based operator; SCCs for transfers outside the EEA.

Reporting a vulnerability

If you believe you have found a security issue in Qoren, email hello@magentic.studio with the details and enough information to reproduce it. You will get a human response, and we ask for reasonable time to fix confirmed issues before public disclosure.

Related guides

Frequently asked questions

Yes, structurally. Each environment is a dedicated virtual machine, and agents within it run as separate system users. Nothing about the isolation depends on application-level filtering alone.

Run OpenClaw or Hermes without managing infrastructure.

Deploy a managed agent environment, configure the runtime, and keep the agent online without Docker, VPS setup, or server maintenance.

Get started