> ## Documentation Index
> Fetch the complete documentation index at: https://docs.turen.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Compliance

> How Turen supports your compliance requirements

Turen is designed to help organizations meet compliance requirements for AI agent usage.

## What Turen Provides

### Complete Audit Trail

Every AI agent interaction is recorded and attributable:

* **Session recordings**: Full conversation history with timestamps
* **Security events**: Every rule trigger, block, and alert
* **Administrative actions**: All dashboard changes logged in [audit logs](/administration/audit-logs)
* **Agent activity**: Check-in history, policy sync timestamps

### Access Control

* **Role-based access**: Admin and Member roles with different permission levels
* **API key management**: Scoped, revocable keys for programmatic access
* **Agent credentials**: Per-machine authentication with rotation support
* **Organization isolation**: Complete data separation between organizations

### Data Protection

* **Encryption at rest**: AES-256-GCM for session data with per-org keys
* **Encryption in transit**: TLS 1.2+ for all cloud communication
* **Machine-bound credentials**: Agent secrets encrypted with hardware-derived keys
* **Key rotation**: API keys and agent secrets can be rotated without downtime

### Policy Enforcement

* **Pre-execution blocking**: Dangerous actions prevented before they happen
* **Centralized policy management**: Security rules managed from a single dashboard
* **Policy versioning**: Track when policies changed and what version each agent runs
* **Custom rules**: Create organization-specific rules for your compliance needs

## Reporting

The Turen dashboard provides data useful for compliance reporting:

* **Agent fleet inventory**: All registered machines with metadata
* **Session history**: Searchable archive of all AI agent sessions
* **Security event history**: All rule triggers and policy violations
* **Policy change log**: When rules were added, modified, or disabled
* **Access audit log**: Who accessed what and when
