SOC 2 Type II, GDPR, HIPAA, ISO 27001, ISO 42001, EU AI Act conformity. Per-tenant isolation at compute, data, and model level. BYOK, VPC, and on-prem options for regulated industries.
PII is masked at the endpoint by Microsoft Presidio + a Routix-trained classifier — before a single byte is transmitted. Your admin defines the categories. Pause is one click.
Mutual TLS for service-to-service. mTLS pinning available for high-assurance customers. Cloudflare-fronted DDoS protection.
AES-256 at rest. Per-customer envelope keys; BYOK on Enterprise. Cold storage in S3 with object lock and versioning.
Schema-per-tenant on Enterprise. Row-level security on all multi-tenant tables. Separate inference pools per region and per data classification.
WorkOS-backed SAML/OIDC. SCIM provisioning. Per-action permissions. Two-person rules for sensitive operations.
Every agent decision, every tool call, every human override — captured with cryptographic hashes. Export to your SIEM in real time.
SOC 2 report, pen-test summary, DPIA, model card, sub-processor list, and architecture diagram — all in our trust center.
Request access →