> ## Documentation Index > Fetch the complete documentation index at: https://docs.browserbase.com/llms.txt > Use this file to discover all available pages before exploring further. # Enterprise security > SOC 2 Type II, HIPAA compliance, zero-trust browser isolation, and enterprise-grade security for Browserbase infrastructure. Browserbase is secure infrastructure for browser agents at scale. Leading companies in finance, healthcare, and government trust Browserbase with sensitive data. For full details, visit the [Trust Center](https://trust.browserbase.com/). ## Security architecture at a glance | Feature | Implementation | | -------------------- | --------------------------------------------------------------- | | **Isolation** | 1 browser per VM | | **Network security** | Individual subnets and strict firewall rules | | **Logging control** | Optional; disable logs and session video recordings at any time | | **Data residency** | Configurable by region (US/EU/Asia) | | **Model control** | BYO-LLM with full interceptor customization | | **Compliance** | SOC 2 Type II, HIPAA, third-party pen testing | *** ## Why enterprises trust Browserbase ### Enterprise-grade compliance * **SOC 2 Type II Certified** * **HIPAA compliant**: Business Associate Agreements (BAAs) available * Comprehensive third-party **penetration testing** with successful results * Full access to security documentation (e.g., auditor attestations, compliance portal access) provided on request ### Secure by design #### Zero trust browser isolation Browserbase follows a zero-trust architecture, assuming that any browser may be compromised. This design philosophy ensures comprehensive containment and minimizes risk. * **Browser isolation**: Each browser runs in a dedicated VM, providing strong isolation at the hardware virtualization layer. * **Network isolation**: Every browser runs in an isolated subnet with strict firewalls to prevent lateral movement. * **No browser reuse**: After each session, the virtual machine is killed and recreated from scratch, ensuring every browser session is completely fresh. * **No GPU access**: To avoid known security risks associated with shared GPU memory attacks. #### Patch management * Continuous updates with fast turnaround for critical CVEs * Browserbase patches Chrome versions proactively and automatically. * Compatibility testing for enterprise environments ensures stability across browser updates ### Transparent data handling * **Zero data retention**: [Disable logging](/reference/api/create-a-session#body-browser-settings-log-session) and [session recording](/reference/api/create-a-session#body-browser-settings-record-session) via the [Create Session API](/reference/api/create-a-session) to ensure no data is recorded. * **Configurable browser regions**: Choose your closest data center to minimize latency and ensure data sovereignty * US West * US East * EU (Germany) * Asia (Singapore) ### Guardrails for AI web browsing Browserbase offers AI-assisted browsing via Stagehand — it's designed for safe, deterministic agent workflows. #### Stagehand benefits * **Atomic, auditable steps**: Workflows are built as a series of deterministic, cacheable commands * **Self-healing actions**: If a selector changes, Stagehand retries using an LLM fallback only for that atomic step * **No full-page hallucinations**: Minimizes AI unpredictability by limiting LLM scope * **Prompt templating**: Sensitive data can be parameterized and injected at runtime to avoid LLM exposure * **Bring your own model (BYO-LLM)**: Maintain full control with your preferred model, keys, and compliance framework *** ## Summary Browserbase is designed for scalable browser agents, architected with security and trust at its core. With enterprise-grade controls, strict isolation, and transparent compliance, organizations can confidently scale sensitive workloads without compromising security. For regulated industries, sensitive workflows, or AI-powered browser agents under strict oversight, Browserbase is the secure infrastructure you can depend on. **Questions?** Contact the security team or request full compliance documentation through the [Trust Center](https://trust.browserbase.com/).