Trust & security

Your data. Your tenant. Your control.

Security isn't a once-a-year stamp here — isolation runs at the database, encryption is end-to-end, and the controls are checked continuously. Here's exactly how.

How your data is protected

Isolation and encryption, all the way down.

Tenant isolation at the database

Postgres Row-Level Security enforces tenant separation at the data layer, not just in app code. A bug in app code can't leak data across tenants.

Encrypted everywhere

AES-256-GCM at rest. TLS 1.3 in transit. User IDs are HMAC-fingerprinted, never stored raw alongside conversation data.

Audit trail per conversation

Every AI action, every approval, every signal is traced. The full audit log is exportable for security reviews on Business and above.

Right to be forgotten

One-click deletion cascades through derived data, embeddings and KB entries — built to satisfy GDPR and CCPA erasure requests. A DPA is in place before contract.

Your data trains your AI. Not anyone else's.

Tenant isolation goes all the way down — model calibration, embeddings, save-offer history and draft-acceptance signals all stay scoped to your workspace.

Continuous compliance

Agent-driven control checks run 24/7 across data handling, access and DPA terms — not a once-a-year stamp.

Continuous controls monitoring · GDPR-aligned · CCPA-aligned · HIPAA-ready

Data rights & governance

Deletion that actually deletes. Contracts before data.

One-click GDPR / CCPA deletion

A deletion request cascades through the derived layers — embeddings, KB entries, model signals — not just the primary record. Gone means gone.

DPA before contract

A Data Processing Addendum is signed before any customer data flows. Every material sub-processor is bound by contract to the same standard.

Tenant-isolated model training

Calibration and embeddings stay scoped to your workspace. Our LLM and embedding sub-processors are contractually prohibited from training on your data.

The current list of material sub-processors — who they are, what data they touch, and where — is published and kept up to date on the sub-processors page.

Compliance posture

Where we are, stated honestly.

We hold ourselves to recognized frameworks and tell you exactly where each one stands — no overclaiming.

SOC 2 Type II — in progress

We're working toward SOC 2 Type II. It is not yet certified, and we won't claim it until it is. Ask us for the current status and we'll tell you where the audit stands.

Continuous controls monitoring

GDPR-aligned, CCPA-aligned and HIPAA-ready controls are checked continuously by agent-driven monitoring, with the evidence available for your review.

Running a procurement or security review? Email us — a human answers, and we'll share what we can support today rather than what sounds good.

Talk to us

One contract, one DPA, one security review.

Consolidating five or six tools into one means one vendor to vet — and procurement actually likes you.