Identity
SSO, directory groups, role, document policy.
EVENT LOGGEDThe platform runs in your perimeter, honors permissions at query time and training time, logs everything immutably, and can verifiably forget.
THE SECURITY DOSSIER
SSO, directory groups, role, document policy.
EVENT LOGGEDCustomer keys, retrieval boundary, source permissions.
EVENT LOGGEDRouting policy, guardrails, redaction, action scopes.
EVENT LOGGEDSources, response, tool calls, approvals, outcome.
EVENT LOGGEDSeparate permission, provenance, evaluation, rollback.
EVENT LOGGEDControl implementation is deployment-specific. Certification status, penetration testing, RTO/RPO, and formal mappings belong in the security pack—not in decorative badges.
CAPABILITY ATLAS
None. Models, indexes, weights, and telemetry remain in your environment.
Customer-managed keys; encrypted at rest and in transit.
SSO, directory sync, RBAC, and document-level enforcement.
Append-only, hash-chained logs with SIEM export.
Permission-aware training, signed adapters, gates, and unlearning.
Registry, routing, canary rollout, kill switch under 30 seconds.
No ‘zero hallucinations.’ We say every claim cited or refused, with error rates measured on your evaluation set. No unsourced statistics. No compliance seals we haven’t earned.
Prompts and retrieved content are masked before any model sees them. Per-category policy—mask, tokenize, or block—is controlled by your data-protection team.
Request the security architecture pack, compliance control mappings, and the unlearning demonstration—or send your questionnaire and we’ll return it completed.