Security | Cognethics

Security

Security and compliance are foundational to Cognethics — built into the architecture from day one, not bolted on after the fact.

Platform Security

Multi-Tenant Data Isolation

Every customer operates in a fully isolated tenant. Data never crosses tenant boundaries — enforced by construction at the database, query, and tool-handler layers, not by optional filters a developer could forget to apply.
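What "enforced by construction" means in practice is that the tenant filter lives in the data layer and the query path, not in each handler. The following is an added illustration of that pattern, not Cognethics' own code, and it does not describe their actual implementation: it uses an in-memory SQLite database, a hypothetical `current_tenant()` SQL function bound to the connection, a view that carries the tenant filter itself, and a trigger that aborts any write under a different tenant. All table, view, function and tenant names are assumptions, and the rows are constructed sample data.

```python
import sqlite3
from typing import List, Optional, Tuple


class Session:
    """The tenant bound to this connection; set once per request, read by SQL."""

    def __init__(self) -> None:
        self.tenant_id: Optional[str] = None


def open_db() -> Tuple[sqlite3.Connection, Session]:
    conn = sqlite3.connect(":memory:")
    session = Session()
    # current_tenant() lets SQL read the bound tenant; callers never pass a
    # tenant id per query, so there is nothing for a developer to forget.
    conn.create_function("current_tenant", 0, lambda: session.tenant_id)
    conn.executescript(
        """
        CREATE TABLE records (
            id        INTEGER PRIMARY KEY,
            tenant_id TEXT NOT NULL,
            payload   TEXT NOT NULL
        );

        -- Query layer: application reads go through this view, which carries
        -- the tenant filter itself. There is no unfiltered read path.
        CREATE VIEW tenant_records AS
            SELECT id, tenant_id, payload
            FROM records
            WHERE tenant_id = current_tenant();

        -- Database layer: a write under another tenant, or with no tenant
        -- bound, is aborted before it lands, whatever the application asked for.
        CREATE TRIGGER records_tenant_guard
        BEFORE INSERT ON records
        BEGIN
            SELECT RAISE(ABORT, 'cross-tenant write rejected')
            WHERE current_tenant() IS NULL
               OR NEW.tenant_id != current_tenant();
        END;
        """
    )
    return conn, session


def bind_tenant(session: Session, tenant_id: Optional[str]) -> None:
    session.tenant_id = tenant_id


def insert_record(conn: sqlite3.Connection, payload: str) -> None:
    # The tenant id comes from the connection binding, not from the caller.
    conn.execute(
        "INSERT INTO records (tenant_id, payload) VALUES (current_tenant(), ?)",
        (payload,),
    )


def list_records(conn: sqlite3.Connection) -> List[str]:
    return [row[0] for row in conn.execute("SELECT payload FROM tenant_records ORDER BY id")]


def demo() -> dict:
    conn, session = open_db()
    bind_tenant(session, "acme")
    insert_record(conn, "acme-invoice-1")
    insert_record(conn, "acme-invoice-2")

    bind_tenant(session, "globex")
    insert_record(conn, "globex-po-7")
    # A handler bound to globex tries to write an acme row directly, bypassing
    # insert_record(): the trigger aborts it.
    try:
        conn.execute(
            "INSERT INTO records (tenant_id, payload) VALUES (?, ?)", ("acme", "smuggled")
        )
        rejected = False
    except sqlite3.DatabaseError:
        rejected = True
    globex_rows = list_records(conn)

    bind_tenant(session, "acme")
    acme_rows = list_records(conn)

    bind_tenant(session, None)  # an unbound connection sees nothing at all
    unbound_rows = list_records(conn)

    return {
        "acme": acme_rows,
        "globex": globex_rows,
        "unbound": unbound_rows,
        "cross_tenant_write_rejected": rejected,
    }


if __name__ == "__main__":
    print(demo())
```

SQLite has no privilege system, so here nothing stops code from reading the base table directly; in a production database the equivalent step is to revoke direct table access from the application role and expose only the filtered path (PostgreSQL row-level security or per-tenant schemas are the usual mechanisms). The point the example makes is the one the page makes: the isolation holds even when an individual handler is wrong.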

Role-Based Access Control

Granular RBAC with organization-level scoping. Users see only the data and modules their role permits. Permissions are enforced at every API endpoint.

Complete Audit Trails

Every write is logged: who changed what, when, and from where. Audit logs are immutable (append-only) and SHA-256 hash-chained, so any alteration of an earlier entry breaks the chain and is detectable. They are available for compliance review and forensic analysis.

Encryption Everywhere

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Database connections, inter-service communication, and backups are all encrypted.

AI Governance

Built-in AI risk assessment, EU AI Act compliance tooling, and governance dashboards. Every AI agent action is logged, reviewable, and subject to approval workflows.

Data Residency

Your tenant is deployed in the AWS region and availability zone you choose, so your data resides in the region that meets your data-residency requirements. Self-hosted and on-premise deployment options are also available.

Compliance & Security Features

Security & Audit Controls

Security and audit controls mapped to the SOC 2 Trust Services Criteria: access enforcement at every API boundary, continuous monitoring, multi-AZ availability, cryptographic integrity checks, and tenant-level confidentiality. Every write is logged to a tamper-evident, hash-chain-protected audit trail; customers can verify integrity through our chain-verification API.
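The hash chain referred to here and under "Complete Audit Trails" above works by storing, in each entry, the SHA-256 hash of the previous entry; a verifier recomputes every hash and checks every link. The block below is an added example of that mechanism, written for this page; it is not Cognethics' code and says nothing about the format their chain-verification API actually uses. The entry fields, the all-zero genesis value and the sample entries are all constructed assumptions. It also shows which tampering a bare chain catches and which it does not.

```python
import copy
import hashlib
import json
from typing import Any, Dict, List, Optional

GENESIS_HASH = "0" * 64  # prev_hash of the very first entry (assumed convention)


def _canonical(entry: Dict[str, Any]) -> bytes:
    # Stable serialization: key order and whitespace must not change the hash.
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode("utf-8")


def entry_hash(entry: Dict[str, Any]) -> str:
    """SHA-256 over every field except the entry's own hash."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(_canonical(body)).hexdigest()


def append_entry(chain: List[Dict[str, Any]], actor: str, action: str,
                 target: str, source_ip: str, ts: int) -> Dict[str, Any]:
    entry = {
        "seq": len(chain),
        "ts": ts,
        "actor": actor,
        "action": action,
        "target": target,
        "source_ip": source_ip,
        "prev_hash": chain[-1]["hash"] if chain else GENESIS_HASH,
    }
    entry["hash"] = entry_hash(entry)
    chain.append(entry)
    return entry


def verify_chain(chain: List[Dict[str, Any]]) -> Optional[int]:
    """Return None if every entry hashes correctly and links to its predecessor,
    otherwise the position of the first entry at which the chain breaks."""
    prev = GENESIS_HASH
    for i, entry in enumerate(chain):
        if entry.get("seq") != i or entry.get("prev_hash") != prev:
            return i
        if entry_hash(entry) != entry.get("hash"):
            return i
        prev = entry["hash"]
    return None


def demo() -> Dict[str, Any]:
    chain: List[Dict[str, Any]] = []
    # Constructed sample entries, not real log data.
    append_entry(chain, "alice@example.com", "update", "invoice/42", "203.0.113.7", 1700000000)
    append_entry(chain, "bob@example.com", "delete", "contact/9", "203.0.113.8", 1700000060)
    append_entry(chain, "alice@example.com", "create", "invoice/43", "203.0.113.7", 1700000120)

    # 1. Edit a field in place: that entry's own hash no longer matches.
    edited = copy.deepcopy(chain)
    edited[1]["action"] = "update"

    # 2. Edit and recompute that entry's hash: the next entry's prev_hash now
    #    points at a hash that no longer exists, so the break shows one entry later.
    rehashed = copy.deepcopy(chain)
    rehashed[1]["action"] = "update"
    rehashed[1]["hash"] = entry_hash(rehashed[1])

    # 3. Delete an entry from the middle: seq and prev_hash no longer line up.
    deleted = [chain[0], chain[2]]

    # 4. Drop entries from the tail: nothing inside the chain can notice this.
    truncated = chain[:2]

    return {
        "intact": verify_chain(chain),
        "edited": verify_chain(edited),
        "rehashed": verify_chain(rehashed),
        "deleted": verify_chain(deleted),
        "truncated": verify_chain(truncated),
        "head": chain[-1]["hash"],
    }


if __name__ == "__main__":
    print(demo())
```

The last case is the check a practitioner should care about: a chain proves that everything up to a given head hash is unmodified, but only relative to a head the verifier obtained independently. Someone with write access to the whole log can re-hash from the point of tampering onward, or simply truncate, and the chain will verify. When you use a chain-verification API, record the latest hash it reports (or have it signed and timestamped) somewhere the log writer cannot reach, and compare against that on the next verification.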

Healthcare & HIPAA Safeguards

For healthcare organizations and business associates: encrypted PHI fields, comprehensive PHI audit logging, role-based access control, and multi-factor authentication. The AWS Business Associate Agreement is signed. Customer BAAs are available on request — use the form below and choose the Legal / DPA / BAA topic.

Data Protection & GDPR

Data minimization, right to erasure, data portability, and consent management built into every tenant. For customers with EEA, UK, or Swiss personal data, our standard Data Processing Addendum (DPA) provides Standard Contractual Clauses (Module 2 — controller-to-processor, EU 2021/914) to govern cross-border transfers.

AI Governance & EU AI Act

Built-in AI system classification, prohibited-use detection, compliance scoring, and risk assessment dashboards. Designed to help organizations meet EU AI Act obligations without external tooling.

Questions about security?

We're happy to discuss our security practices in detail, provide additional documentation, or walk through our architecture with your security team. To report a vulnerability, request a DPA or BAA, or ask a security or compliance question, send us a message below.

Contact us

Pick a topic and we'll route your message to the right team.