Security · Beta · as of 2026-05-31

Closed by construction.

The controls below do not depend on a certificate to be true. They are how the system is built. This page is written to be forwarded — to a general counsel, a security reviewer, or the desk that signs off on vendors.

Read the one-page security brief

Chamber · single-tenant

Documents → chamber → memorandum · audit beneath

Schematic · v 2026

InferenceAnthropic · ZDR

KeysPer-House DEK

AuditAppend-only · 7Y

ResidencyUS · UK · EU default

Three isolation tiers — Atelier, House, Sovereign

Closed by construction

01 · Tenancy and isolation

You choose where the boundary sits.

Every House runs in its own isolated tier. The further down the table you go, the more of the stack moves inside your own control.

Tier	Tenancy	Inference	Keys
Atelier	Logical multi-tenant, row-level security	Shared dedicated chamber, zero-retention contract	Platform-managed
House	Single-tenant Supabase project, dedicated Postgres	Dedicated chamber, region-pinned, zero-retention	Platform-managed, customer key optional
Sovereign	Single-tenant in your VPC or on-premise	Customer-hosted open weights or dedicated chamber	Customer-managed, bring-your-own-key

02 · The model layer

Our prompt systems and workflows are the value; the model is interchangeable, which is what lets each tier choose its own boundary.

Default: Anthropic Claude on a zero-data-retention enterprise contract — inputs and outputs are not retained or used for training.
House tier: Inference routed through AWS Bedrock with PrivateLink and zero retention, pinned to a region you elect (US, UK, EU, or Singapore).
Sovereign tier: Run open-weight models in your own VPC, with our orchestrator deployed as a Helm chart. The documents never leave your boundary.
Training: Documents are never used to train any model. No exceptions.

House-held keys

Per-House DEK · HMAC-SHA256
CMK · ZDR · SOC 2 (in progress)

Sovereign tier — bring-your-own-key

03 · Data handling

Encryption: Documents are encrypted at rest with AES-256 and in transit with TLS 1.3.
Retention: Document retention defaults to engagement lifetime plus ninety days, configurable down to engagement lifetime.
Audit: The audit log is append-only and retained seven years, immutable via object-lock storage.
Subprocessors: The subprocessor list is published and versioned, and the contracted auditor is named there.

Audit chain · E-2026-014

SHA-256 · append-only · §appendix

4 events

Every action writes an append-only, hash-chained audit record.

Signed · A.O.

04 · Material non-public information

Quarantine: When an engagement is tagged public-company-adjacent, the system flags and quarantines likely MNPI by default.
Wall-crossing: Wall-crossing runs through explicit role assignment, a separate chamber, and a separate audit trail.
Oversight: A compliance-officer role holds read-only access to every engagement in a House.

05 · Compliance roadmap

What we have, and what we plan.

Now

SOC 2 Type I observation period under way, auditor named on the subprocessor list
Vendor security questionnaire pack ready on request
Penetration test conducted annually

Planned

Next: SOC 2 Type II report
After: ISO 27001 certification
On request: HIPAA-aligned controls, for families with health-related trusts

We do not claim a certification before it is issued. Where a control is in progress we say so, and name the auditor. None of this is a warranty on a specific engagement — that still depends on document quality, MNPI routing, and reviewer sign-off.

The privacy architecture, conduct, and the live measurement scorecard sit on the principles page; the current subprocessors are listed here.