Security & Trust
Trust is not a feature. It is the floor.
We build for regulated environments because our customers deserve honesty, restraint, and control. Security is how we earn the right to handle your data, not a slide in a deck.
Compliance & trust
Built for compliance.
We align to the standards our customers operate under, and we are direct about what is live today versus what is on the roadmap.
GDPR compliant
DPA, SCCs, and documented deletion flows as standard
EU AI Act aligned
Article 4 literacy and transparency obligations built in
Zero-retention AI mode
Ephemeral inference, nothing stored or trained on
Encryption at rest
AES-256 in transit and at rest with per-tenant isolation
On our security roadmap
SOC 2 Type II
ISO 27001
How we protect you
Six pillars we build against.
Principles we hold ourselves to across products, infrastructure, and how we work with customers.
Encryption everywhere
Every byte is encrypted in transit and at rest, with strict per-tenant isolation across our products.
Zero-retention mode
For sensitive workloads, run AI with no model-side persistence. Context is flushed when the response completes.
Identity you already own
Our platforms plug into your IdP and directory. Provisioning and access stay in your control.
EU data residency
Store your data where your regulator tells you to, with regional isolation for retrieval and inference.
Transparency & disclosure
Every access is logged. If something affects you, you hear from us inside 24 hours.
Tenant isolation
Every workspace is logically isolated. Nothing is shared by default.
Zero-retention AI
Read everything. Remember nothing.
For the most sensitive workloads, run our AI products in zero-retention mode. Content is processed in memory, the question is answered, and context is discarded. No training, no caching, no prompt logging. Your data leaves with the response.
Ephemeral inference, flushed after every request
Customer data never used to train any model
Per-workspace policy · audit-grade evidence
Request lifecycle
Request in
Encrypted over TLS 1.3
STEP 1
Context loaded
Retrieved into ephemeral memory
STEP 2
Inference
Model reads, reasons, responds
STEP 3
Flush
Memory wiped · nothing retained
STEP 4
Commitments
What we hold ourselves accountable to.
Operating principles, not marketing claims. The details matter; so does saying only what we can stand behind.
Zero retention
When you need it, nothing is kept after the request completes.
Encryption by default
AES-256 in transit and at rest, with strict tenant isolation.
Your identity layer
SSO, SAML, OIDC, and SCIM so access matches your directory.
Fast disclosure
If something affects you, we commit to telling you within 24 hours.
Questions welcome
Talk with our team.
If you are evaluating us, we would rather have an honest conversation early than win on vague assurances. Reach out when you are ready.