Trust

Enterprise-ready, from day one.

Security, privacy, and compliance are built into the operating loop, not bolted on. Here's what to expect.

Security Posture

Defence in depth, by design.

Encryption

TLS 1.2+ in transit. AES-256 at rest. Customer-managed keys available.

Identity & Access

SSO/SAML 2.0 with SLO (Okta, Azure AD), SCIM 2.0 provisioning, MFA (TOTP) with brute-force lockout, RBAC, role-based ownership across Programs → Projects → Teams.

Tenant Isolation

Multi-tenant by design. Strict data isolation enforced at every query. Deny-by-default authorization with full permission audit.

Audit Trail

Hash-chained AuditLog: every record action and privileged operation is versioned with actor, timestamp and tamper-evident chain hash.
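As an added illustration of the tamper-evident chain described above (example code written for this page, not the platform's own AuditLog implementation; the field names, the SHA-256-over-canonical-JSON scheme, the genesis constant and the sample entries are assumptions), the following shows how each entry commits to its predecessor and how a verifier locates the first entry that was edited in place or silently dropped:

```python
import hashlib
import json
from dataclasses import dataclass, replace
from typing import List, Optional

# Hash of the (non-existent) entry before the first one; constructed convention.
GENESIS_HASH = "0" * 64


@dataclass(frozen=True)
class AuditEntry:
    seq: int          # position in the log, starting at 0
    actor: str        # who performed the operation
    timestamp: str    # ISO-8601 time of the operation
    action: str       # what was done
    record_id: str    # which record was touched
    prev_hash: str    # chain_hash of the preceding entry
    chain_hash: str   # SHA-256 over this entry's fields plus prev_hash


def compute_chain_hash(seq: int, actor: str, timestamp: str, action: str,
                       record_id: str, prev_hash: str) -> str:
    # Canonical JSON (sorted keys, no whitespace) so the same fields always
    # hash to the same value regardless of how the entry was serialised.
    payload = {"seq": seq, "actor": actor, "timestamp": timestamp,
               "action": action, "record_id": record_id, "prev_hash": prev_hash}
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def append_entry(log: List[AuditEntry], actor: str, timestamp: str,
                 action: str, record_id: str) -> AuditEntry:
    """Append a new entry whose hash commits to the previous entry's hash."""
    prev_hash = log[-1].chain_hash if log else GENESIS_HASH
    seq = len(log)
    chain_hash = compute_chain_hash(seq, actor, timestamp, action, record_id, prev_hash)
    entry = AuditEntry(seq, actor, timestamp, action, record_id, prev_hash, chain_hash)
    log.append(entry)
    return entry


def verify_chain(log: List[AuditEntry]) -> Optional[int]:
    """Return None if the chain is intact, else the index of the first entry
    that fails verification (edited, re-ordered, or following a deleted entry)."""
    expected_prev = GENESIS_HASH
    for index, entry in enumerate(log):
        # Sequence number and back-pointer must both line up with the predecessor.
        if entry.seq != index or entry.prev_hash != expected_prev:
            return index
        # Stored hash must match a recomputation over the stored fields.
        recomputed = compute_chain_hash(entry.seq, entry.actor, entry.timestamp,
                                        entry.action, entry.record_id, entry.prev_hash)
        if recomputed != entry.chain_hash:
            return index
        expected_prev = entry.chain_hash
    return None


def build_sample_log() -> List[AuditEntry]:
    """Constructed sample data: three operations by fictitious actors."""
    log: List[AuditEntry] = []
    append_entry(log, "alice@example.com", "2024-01-01T09:00:00Z", "record.create", "rec-101")
    append_entry(log, "bob@example.com", "2024-01-01T09:05:00Z", "record.update", "rec-101")
    append_entry(log, "admin@example.com", "2024-01-01T09:10:00Z", "role.grant", "user-7")
    return log


def edited_log() -> List[AuditEntry]:
    """Simulate an after-the-fact edit of entry 1 that keeps its stored hashes."""
    log = build_sample_log()
    log[1] = replace(log[1], action="record.read")
    return log


def deleted_log() -> List[AuditEntry]:
    """Simulate silently dropping entry 1 from the stored log."""
    log = build_sample_log()
    del log[1]
    return log


if __name__ == "__main__":
    print("intact  :", verify_chain(build_sample_log()))   # None
    print("edited  :", verify_chain(edited_log()))         # 1
    print("deleted :", verify_chain(deleted_log()))        # 1
```

The chain makes modification and deletion detectable, but not impossible: whoever can rewrite every subsequent hash can forge a consistent chain. In practice the head hash is therefore anchored somewhere the log writer cannot reach (a signed checkpoint, a separate store, or a third-party timestamp), which is the part a deployment's own design has to supply.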

API-wide rate-limiting per tenant and per token. SCIM tokens expire on schedule.
CSRF protection with explicit double-submit cookies. Strict security headers (CSP, HSTS, X-Frame-Options).
PII redaction at the audit-log boundary. Sensitive operations require re-authentication.
Password rotation with session-inactivity timeouts. JWT and refresh-token revocation enforced server-side.
Read-only Discovery Probes that never write to your source systems.
Secrets vaulting for connector credentials. BYOLLM secrets rotate on a managed schedule.
On-premises hardening profile available for fully-isolated deployments.
Vulnerability disclosure programme and responsible disclosure policy.

Data Sovereignty

Your data, on your terms.

BYO LLM

Bring your own model

Route AI workflows to your preferred provider, including private, on-prem, or VPC-deployed models. Your prompts never train shared models.

Region Choice

Choose your region

Deploy in the region that matches your residency obligations. Data does not leave the region without your explicit consent.

No Model Training

We don't train on your data

Your records, prompts, and generated artifacts are yours. Nothing is used to train models, ours or anyone else's.

Compliance Frameworks

Aligned with the controls your auditors expect.

Evidence is produced continuously from the Persisted Knowledge Graph, not reconstructed during audit.

SOC 2: Type II Target
ISO 27001: Aligned
GDPR: Supported
HIPAA: Supported
PCI-DSS: Supported
SOX: Supported
Policy / Rule Engine evaluates every approval against codified standards, no manual gatekeeping.
Approval DAG with sequential staging, SLA timers and automatic escalation on breach.
Evidence collector & tagging attaches control evidence to each record continuously, not at audit time.
Exception & waiver workflow is a first-class governed record with owner, expiry and review cadence.
Lineage & reverse-traceability from any artifact back to its source records, model invocation and policy decisions.
Tech-taxonomy drift detector flags drift between approved standards and what's actually running in your estate.
Maturity scorecard for each control domain, scored continuously from live evidence.

Policies

Plain-language documents, on request.

Privacy Policy
How we collect, use, and protect customer data.
Request →
Acceptable Use Policy
Permitted and prohibited use of the platform.
Request →
Data Processing Addendum
GDPR-compliant DPA for enterprise customers.
Request →
Subprocessors List
Third-party services we use to deliver the platform.
Request →
Responsible Disclosure
How to report security issues to us.
Contact →

Need a deeper security review?

Talk to our team about your compliance, residency, and procurement requirements.

Talk to Trust Team