Identity & access
SSO (SAML / OIDC), SCIM provisioning, granular RBAC, and step-up authentication at sensitive boundaries.
Trust Center
Governance, security,
and evidence on request.
Controls enforced by the platform itself, with documentation, evidence, and attestation details available on request under mutual NDA.
Control plane Security controls,
Security controls,
enforced by the platform.
Encryption
Encryption in transit (TLS 1.2+) and at rest (AES-256). Customer-managed keys on supported deployments.
Isolation
Per-tenant logical isolation. Dedicated deployments available for regulated customers inside their perimeter.
Audit & evidence
Every call, decision, and output retained with cryptographically signed evidence, exportable to your SIEM.
Secrets & credentials
HSM-backed secret storage. Scoped, rotated, and never exposed to agents outside a signed execution context.
Vulnerability management
Continuous scanning, SLA-tracked remediation, and coordinated disclosure programme.
Subprocessors
Who we work with to serve you.
Categories, purposes, regions, and contract terms available on request. Notifications of material changes go to authorised contacts in advance.
Vendor category Purpose Region
AWS / Azure / GCP Infrastructure Region-pinned per contract
Foundation-model providers Model inference Customer-selected
Observability Telemetry & logs EU / US
Identity SSO & SCIM EU / US
Request documentation
Security documentation,
Security documentation,
shared under NDA.
Reach out to our team for platform documentation, control descriptions, and the latest status of our security programme.