Built to satisfy your auditor on day one.
Enterprise security and compliance are not a 12-month roadmap item for us. They are the foundation under every workflow.
SOC 2: Type II
ISO 27001: Certified
ISO 42001: In audit
HIPAA: BAA available
GDPR: Compliant
EU AI Act: Conformant
CCPA: Compliant
FedRAMP: Moderate · roadmap
How we protect your data.
Tenant isolation
Per-tenant Postgres schema, per-tenant KMS keys, per-tenant vector namespace.
Encryption
AES-256 at rest, TLS 1.3 in transit. BYOK available on Enterprise.
Identity
SSO (SAML), SCIM provisioning, MFA enforced, granular RBAC.
Audit log
Immutable, append-only, hash-chained. Export to Splunk, Datadog, S3.
Prompt-injection defense
Input sanitization, tool allowlists, output validators, abstention when uncertain.
No training on your data
Your data is never used to train shared models. Fine-tunes are tenant-private.
Bug bounty
Continuous program via HackerOne. Annual pen-test by NCC Group.
Incident response
24/7 on-call. Customer-facing post-mortems within 5 business days.
Region residency
US (us-east-1, us-west-2) and EU (eu-west-1). UK, AU, JP on request.
Need our SIG, SOC 2 report or DPA?
Available under NDA from our trust portal. Most customers receive the package within an hour.