Security & Trust

Last updated: 2026-06-23

StoneAI — The Covenant Engine, a FanXus company — is a system for governing autonomous agents. Trust is the product. This overview explains how we engineer it: cryptographic consent, a tamper-evident ledger, strict tenant isolation, and defense in depth.

Security is structural, not optional. StoneAI is advisory: it proposes decrees but never acts on its own. Every consequential action is gated by a human covenant — an Ed25519 signature bound to the decree's content hash — and recorded in an append-only, hash-chained audit ledger. Unauthorized changes are not merely discouraged; they are made detectable by design.


01 Cryptographic Consent (Covenants)

Each governed action begins as a decree whose canonical content is hashed. To authorize it, a human authority produces a covenant: an Ed25519 digital signature over that decree's content hash. Signing keys are per-tenant; the private key remains under the Customer's exclusive control and is never transmitted to or stored by StoneAI. We hold only the corresponding public key, which we use to verify the signature.

Because the covenant is bound to the content hash, the authorization cannot be silently repurposed: if a single byte of the decree changes, the hash changes, the signature no longer verifies, and the action is refused. A covenant authorizes exactly what was reviewed — nothing more. This eliminates the "bait-and-switch" class of attack where an approval is reused against altered content.

02 The Approval Brake

No decree executes without a valid covenant. This "approval brake" is enforced at the core of the platform and cannot be bypassed by configuration. Even during a service-availability event, the brake holds: the failure mode is "nothing happens," never "an action proceeds unauthorized."
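
The covenant check and approval brake from sections 01 and 02, as an added Go example (not StoneAI's code). SHA-256 as the content hash, the constructed decree JSON, and the names `ContentHash`, `Execute` and `Demo` are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrNoCovenant is returned whenever a decree lacks a valid covenant.
var ErrNoCovenant = errors.New("decree refused: covenant missing or invalid")

// ContentHash hashes the decree's canonical bytes. SHA-256 is an assumption:
// the page names neither the hash function nor the canonical encoding.
func ContentHash(decree []byte) []byte {
	sum := sha256.Sum256(decree)
	return sum[:]
}

// Execute is a hypothetical approval brake. It runs action only when covenant
// is a valid Ed25519 signature by pub over the decree's content hash; every
// other case, including a missing or malformed key, refuses (fails closed).
func Execute(pub ed25519.PublicKey, decree, covenant []byte, action func()) error {
	if len(pub) != ed25519.PublicKeySize || len(covenant) != ed25519.SignatureSize {
		return ErrNoCovenant // Verify panics on a wrong-length key, so check first
	}
	if !ed25519.Verify(pub, ContentHash(decree), covenant) {
		return ErrNoCovenant
	}
	action()
	return nil
}

// Demo signs one constructed decree, then presents the same covenant with the
// reviewed bytes and with bytes that differ in a single character.
func Demo() (reviewedRan, alteredRan bool) {
	pub, priv, _ := ed25519.GenerateKey(nil) // stands in for the customer's key
	reviewed := []byte(`{"action":"pause","agent":"agent-7"}`)
	altered := []byte(`{"action":"pause","agent":"agent-8"}`)
	covenant := ed25519.Sign(priv, ContentHash(reviewed))
	Execute(pub, reviewed, covenant, func() { reviewedRan = true })
	Execute(pub, altered, covenant, func() { alteredRan = true })
	return
}

func main() {
	ok, bad := Demo()
	fmt.Println(ok, bad) // true false
}
```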

03 Append-Only, Hash-Chained Audit Ledger

Every consequential event — a decree issued, a covenant sealed, a decree rejected, a key rotated, a setting changed — is written to a per-tenant audit ledger. The ledger is append-only: entries cannot be updated or deleted through the application. Each entry includes the hash of the previous entry, forming a hash chain in which any alteration to a past record breaks every link that follows it. This makes the ledger tamper-evident: an auditor can independently recompute the chain and detect any attempt to rewrite history.
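
An auditor's recomputation of the chain, as an added Go example that is not StoneAI's code; the `Entry` layout, SHA-256 and the function names are assumptions. It goes one step beyond the text by also comparing the final hash with a head value the auditor recorded earlier, because a rewrite that recomputes every later hash leaves the links internally consistent.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

type Entry struct { // hypothetical record; the page does not publish the format
	Event      string
	Prev, Hash []byte // Hash = SHA-256(Prev || Event), an assumed construction
}

func link(prev []byte, event string) []byte {
	sum := sha256.Sum256(append(append([]byte{}, prev...), event...))
	return sum[:]
}

// Append chains a new event to the last entry (all-zero Prev for the first).
func Append(ledger []Entry, event string) []Entry {
	prev := make([]byte, sha256.Size)
	if n := len(ledger); n > 0 {
		prev = ledger[n-1].Hash
	}
	return append(ledger, Entry{event, prev, link(prev, event)})
}

// Verify returns the index of the first broken link, len(ledger) if the links
// hold but the last hash differs from the auditor's recorded head, else -1.
func Verify(ledger []Entry, head []byte) int {
	prev := make([]byte, sha256.Size)
	for i, e := range ledger {
		if !bytes.Equal(e.Prev, prev) || !bytes.Equal(e.Hash, link(prev, e.Event)) {
			return i
		}
		prev = e.Hash
	}
	if !bytes.Equal(prev, head) {
		return len(ledger)
	}
	return -1
}

func main() {
	l := Append(Append(Append(nil, "decree issued"), "covenant sealed"), "key rotated")
	head := l[2].Hash              // constructed events; head saved by the auditor
	l[1].Event = "decree rejected" // simulate an edit made outside the application
	fmt.Println(Verify(l, head))   // 1
}
```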

04 Tenant Isolation

StoneAI is multi-tenant with strict logical isolation. Each tenant's data, keys, ledger, and configuration are segregated, and access controls are enforced on every request so that one Customer can never read or affect another's data. Per-tenant signing keys and per-tenant ledgers mean a compromise scoped to one tenant does not cascade across the platform.

05 Encryption

Data is encrypted in transit using current TLS, and at rest using strong, industry-standard algorithms. Sensitive material such as authentication secrets is stored only in hashed or encrypted form. We do not store private covenant keys, full payment card numbers, or cryptocurrency wallet credentials.

06 Access Control & Least Privilege

We operate on the principle of least privilege. Administrative and infrastructure access is limited to personnel who require it, protected by strong authentication, and logged. Access is reviewed periodically and revoked promptly when no longer required. Production changes follow controlled, auditable processes.

07 Infrastructure & Sub-Processors

StoneAI runs on hardened cloud infrastructure provided by Amazon Web Services. Payments are handled by Stripe, PayPal, and Coinbase Commerce, each of which manages payment credentials under its own controls. Our sub-processors are listed in our Privacy Policy and Data Processing Addendum, and each is bound by data-protection obligations.

08 Resilience & Availability

We monitor the platform continuously and maintain redundancy and backup practices to support availability and recovery. Our availability commitment and service credits are described in our Service Level Agreement.

09 Data Handling & Retention

We minimize what we collect and retain. Account, metering, and audit data are retained for the periods described in our Privacy Policy; the tamper-evident ledger is retained for the contracted term to preserve its integrity. Return and deletion on termination are governed by the DPA.

10 Responsible Disclosure

We welcome reports from security researchers. If you believe you have found a vulnerability in StoneAI, please report it privately to support@fanzunlimited.com with enough detail to reproduce the issue. Please:

We will acknowledge legitimate reports, keep you informed of our progress, and will not pursue action against researchers who act in good faith and within this policy.

11 Incident Response

We maintain procedures to detect, investigate, and respond to security incidents. If a personal-data breach affects a Customer, we will notify the affected Customer without undue delay and in any event within seventy-two (72) hours of becoming aware, consistent with our DPA.

12 Contact

FanXus — StoneAI · Security & Trust · United States
support@fanzunlimited.com