Security & compliancesecurity

Written for the people whose job is to say no.

The platform runs in your perimeter, honors permissions at query time and training time, logs everything immutably, and can verifiably forget.

TRUST CONTROL PLANEIDENTITYPOLICYAUDITLEARNINGREQUEST
ALLOWED
EVERY DECISION RECONSTRUCTABLE
0required data egress
CMKencryption ownership
control planes

THE SECURITY DOSSIER

A request, traced
through every control.

01

Identity

SSO, directory groups, role, document policy.

EVENT LOGGED
02

Data

Customer keys, retrieval boundary, source permissions.

EVENT LOGGED
03

Model

Routing policy, guardrails, redaction, action scopes.

EVENT LOGGED
04

Evidence

Sources, response, tool calls, approvals, outcome.

EVENT LOGGED
05

Learning

Separate permission, provenance, evaluation, rollback.

EVENT LOGGED

Control implementation is deployment-specific. Certification status, penetration testing, RTO/RPO, and formal mappings belong in the security pack—not in decorative badges.

CAPABILITY ATLAS

The detail beneath
the experience.

Product, operating model, controls, and ownership—made concrete enough for a technical review.
01POSTURE AT A GLANCE

Architecture, not adjectives.

01

Data egress

None. Models, indexes, weights, and telemetry remain in your environment.

02

Encryption

Customer-managed keys; encrypted at rest and in transit.

03

Identity

SSO, directory sync, RBAC, and document-level enforcement.

04

Audit

Append-only, hash-chained logs with SIEM export.

05

Learning

Permission-aware training, signed adapters, gates, and unlearning.

06

Model control

Registry, routing, canary rollout, kill switch under 30 seconds.

02CLAIMS WE DON’T MAKE

Measurements are engineering. Absolutes are marketing.

No ‘zero hallucinations.’ We say every claim cited or refused, with error rates measured on your evaluation set. No unsourced statistics. No compliance seals we haven’t earned.

03SENSITIVE DATA

Redaction before the model. Policies you set.

Prompts and retrieved content are masked before any model sees them. Per-category policy—mask, tokenize, or block—is controlled by your data-protection team.

04YOUR QUESTIONNAIRE

We answer with architecture diagrams.

Request the security architecture pack, compliance control mappings, and the unlearning demonstration—or send your questionnaire and we’ll return it completed.

SECURITY

Bring your security questionnaire to the briefing.

Book a sovereignty briefing ↗Inspect customer proof