Trust & Security

Your Data. Your Infrastructure.Your Rules.

We build AI systems that deploy where you need them — on-prem, in your VPC, or fully air-gapped. Your compliance team signs off, not ours.

Deployment Options

Choose the deployment model that matches your security requirements. Every option delivers the same functionality.

On-Premises

Full deployment within your data center. No external network calls. Complete physical and logical control.

  • Hardware you own and control
  • No internet dependency
  • Full regulatory compliance

VPC / Private Cloud

Deployed in your private cloud environment (AWS, Azure, GCP). Network isolation with managed infrastructure.

  • Your cloud account, your keys
  • Network-level isolation
  • Scalable infrastructure

Air-Gapped

For the most sensitive environments. No network connectivity to external systems. Offline model inference.

  • Zero external connectivity
  • Local LLMs via Ollama
  • SCADA / OT network compatible

Hybrid

Combine on-prem processing with selective cloud services. You define which data stays local and what can traverse the boundary.

  • Flexible data boundaries
  • Best of both worlds
  • Gradual cloud adoption

Data Handling

Clear policies on where your data lives, how it is protected, and who has access.

Data Residency

Your data stays in the region you specify. We do not replicate or move data without explicit authorization.

Encryption at Rest

AES-256 encryption for all stored data. Keys managed by your team or your cloud provider's KMS.

Encryption in Transit

TLS 1.3 for all communications. mTLS available for service-to-service authentication.

Data Retention

You define retention policies. We implement them. Default: no data retained beyond the active session.

Chat / AI Interactions

Conversations with AI assistants are processed in real-time and not stored beyond the session unless you opt in. API-based models (Anthropic, OpenAI) are subject to their provider terms — or use local models for zero-egress.

Model Choices

You decide which AI models power your systems. Local, cloud, or both — the architecture supports all options.

Zero egress

Local Models (Ollama)

Run open-weight models entirely on your hardware. Zero data egress. Models include Llama, Mistral, Phi, and more.

Highest capability

API Models (Anthropic / OpenAI)

Use frontier models via API when performance demands it. Data is sent to the provider under their enterprise terms.

No lock-in

Your Choice

Every system we build lets you switch between local and API models. No architectural lock-in to any single provider.

Audit & Compliance

Every system we build includes audit infrastructure by default. Not as an add-on — as a foundation.

Comprehensive Logging

Every AI inference, user action, and system event is logged with timestamps, user context, and input/output hashes.

Audit Trail

Immutable audit logs that satisfy SOX, NERC CIP, and internal compliance review requirements.

GDPR Alignment

Data subject access requests, right to erasure, and data portability built into the application layer.

Role-Based Access

Granular permissions with principle of least privilege. Admin, operator, and viewer roles with full audit of access changes.

Compliance Frameworks

Our systems are designed to operate within these frameworks. Specific certification depends on your deployment model and hosting environment.

SOC 2 Type II

Inherited via Cloudflare infrastructure

ISO 27001

Inherited via Cloudflare infrastructure

GDPR

Data handling and erasure built in

NERC CIP

Audit logging and access controls

IEEE Standards

Engineering calculations per published standards

Infrastructure

Our platform runs on battle-tested infrastructure with inherited security certifications.

Cloudflare Workers

Edge compute in 300+ locations. Automatic DDoS protection, WAF, and bot management included.

D1 Database

SQLite-based distributed database. Encryption at rest. Automatic backups. Read replicas at the edge.

R2 Object Storage

S3-compatible storage with zero egress fees. Data stays in the region you specify.

For client deployments: We deploy on your chosen infrastructure — AWS, Azure, GCP, bare metal, or your existing on-prem stack. The above describes our own platform, not a requirement for your systems.

Source Code Governance

You receive full source code for every system we build. No compiled binaries, no obfuscation, no hidden dependencies.

Full Source Access

Every line of code is yours. Read it, audit it, modify it, or hand it to another team.

Auditable Architecture

Clean, documented code that your security team can review. No black boxes.

Escrow Ready

Source code can be placed in escrow for additional assurance of business continuity.

Maintenance Agreements

Optional ongoing support. Walk away any time — or stay because the systems work.

Need a Security Overview for Your Team?

Book a technical scoping call and we will walk your security and compliance team through our architecture, data handling, and deployment options.

Book a Technical Scoping CallPrivacy Policy