Procurement summary
Trust, with the gaps included
A compact, factual view of Passport's data flow, implemented controls, recovery evidence, and current assurance status. This is not a certification, audit report, penetration-test report, or contractual SLA.
Last reviewed: July 2026
Service and data flow
One governed gatewayEmployees use their existing AI clients or Passport CLI; both reach the same server-side passes, client selection, guardrails, and activity trail.
Credentials stay at the gatewayUpstream and identity-provider secrets are AES-256-GCM encrypted. Long-lived session validation records, bridge credentials, and agent keys are retained only as one-way SHA-256 digests. Desktop device-flow approval uses a 10-minute encrypted delivery handoff.
Operational telemetry excludes contentMCP inputs and outputs, prompts, files, cookies, authorization headers, query strings, and response bodies are not sent to operational diagnostics. See Privacy and Subprocessors.
Implemented and tested
Identity, tenancy, and egress controlsOAuth 2.1/PKCE with rotation and reuse detection; version-guarded tenant writes; SSRF and redirect-hop validation; production configuration that refuses unsafe startup.
Gateway enforcementServer-side passes, per-tool controls, member approvals, secret and injection guardrails, client selection, append-only user activity, and a separate admin audit trail.
121 dated MCP handshakes · 17 pinned open toolsetsCommitted catalog evidence distinguishes a point-in-time protocol check from uptime, endorsement, or a security guarantee.
Secure development gatesEvery release runs secret scanning, production dependency audits, SAST, cross-tenant and auth contracts, and CLI acceptance. Scheduled resilience workflows separately exercise backup restoration, multi-replica coherence, and bounded load.
Reliability and recovery
External and in-process signalsFive-minute external probes cover health, database readiness, status, and a read-only product contract. Sentry and aggregate metrics cover errors, latency, pools, rate limits, and upstream-circuit transitions without collecting MCP content.
Recovery is exercisedA recurring synthetic drill restores a logical Postgres backup and decrypts protected data. Separate drills exercise two replicas and bounded gateway load.
Boundaries of that evidenceSynthetic restore evidence does not prove a hosting provider's production backup/PITR toggle or retention setting. Operators verify those settings separately. No contractual RTO or RPO is published during early access.
Current independent assurance
SOC 2No SOC 2 report yet.
External penetration testNo independent third-party penetration-test report yet.
Uptime and SLANo independent third-party uptime history or contractual SLA yet. The status page is a live, self-reported component view.
ContractsDPA terms are handled on request. Enterprise support, residency, recovery, and service commitments must be agreed explicitly with hello@passportmcp.com; this page does not create them.
Evidence links
Security · Privacy · Subprocessors · Status · Terms · Self-hosting · Vulnerability policy