TRUST & CONTROL · GDPR · SOC 2 IN PROGRESS

Powerful enough to run the workflow.
Constrained enough to defend in audit.

Trust is not a section in the security pack. It is the way the product is built. Tenant-isolated, deterministic, reversible, audit-friendly by default.

EU · US
REGION PINNING
Pick the region per workspace. Data never crosses borders unless you sign off in writing.
0
CUSTOMER ROWS IN TRAINING
Your data is never used to train models. Not ours, not OpenAI's, not anyone's.
100%
REVERSIBLE WRITES
Every action the platform takes can be revoked from a single audit page.
SOC 2
IN PROGRESS · Q3
Type II audit underway. GDPR-aligned and DPA-ready today.
PRINCIPLES

Five rules,
baked into the architecture.

The product cannot violate them, and we cannot quietly turn them off. Procurement reads the same architecture diagram you do.

PRINCIPLE 01

Tenant-isolated by design.

Every workspace gets its own encryption key, its own object store, and its own queue partition. There is no shared schema with a tenant_id column path. We picked the harder architecture so you do not have to trust our row filters.

Per-tenant KMS | Region pinning | Isolated compute | No row-level shared state
PRINCIPLE 02

Customer data is never used for training.

Not in our models, not in foundation-model providers' models, not in opaque improvements. We pay providers explicitly to disable training on our traffic, and we publish the contracts on request.

Zero-retention LLM routing | Sub-processor list public | DPA on first email
PRINCIPLE 03

Deterministic agents over stochastic ones.

An LLM picks the plan. The platform runs governed SQL against governed definitions. Every answer carries the SQL trace, the source rows, and a confidence signal so you can defend it to the audit committee.

SQL plan attached | Confidence signal | Repeatable answers
PRINCIPLE 04

Every action is reversible.

If the platform writes back to Slack, your warehouse, or your CRM, the write is logged, attributed, and revocable from the audit page. No one, including us, can move on a customer system without leaving a trace.

Write log per workspace | One-click revoke | Per-action approver
PRINCIPLE 05

Audit-friendly by default.

SSO, SCIM, exportable audit logs, immutable change history on metric definitions, and a procurement pack that ships with the trial, not after a six-week security review.

SSO & SCIM | Immutable metric history | Exportable audit log | DPA · sub-processors · SOC 2 status
THE FRAMEWORKS

Compliance is the floor.
The product is the wall.

Frameworks tell you a vendor passed an audit. The architecture tells you whether it can fail you in the first place.

FRAMEWORK 01

GDPR-aligned

DPA on first contact. EU region pinning. Subject access requests handled in-product, not over email.

FRAMEWORK 02

SOC 2 Type II

Audit underway · Q3 2026. Real-time controls dashboard available to enterprise customers from day one.

FRAMEWORK 03

HIPAA-ready

For health-tech customers: BAAs available, PHI redaction at the connector layer, and additional access logs.

Bring your security lead

Trust is a product feature.
Bolting it on later never works.

Walk through the architecture, the DPA, the sub-processor list, and the audit logs with the platform team in one 45-minute call.
