Security and Responsible AI

Built for high-stakes work

Enterprise and public-sector AI depends on security, governance, and accountability. We treat them as build requirements. Here is how we work, and what you get.

Data handling and privacy

  • Deploy in your cloud or region when you require it
  • Encryption in transit and at rest
  • Data minimization: we collect the minimum to do the work
  • Your data never trains another organization's model
  • Retention controls you set

Access and infrastructure

  • Least-privilege access and role separation
  • Row-level security on data stores
  • OAuth and scoped permissions for connected accounts
  • Secrets isolated from client code
  • Our own analytics hashes visitor identifiers and stores no raw IP

Evaluation and assurance

  • Evaluations before release and on a schedule
  • Human review in the loop for high-stakes decisions
  • Monitoring, logging, and audit trails
  • Red-team review of prompts and access paths

Responsible AI

  • Answers carry citations you check
  • A named person stays accountable for every decision
  • We flag low-confidence output for review
  • We tell you when AI is the wrong tool

Governance and procurement

  • SOC2-aligned controls in our products
  • Security documentation for your procurement
  • Named, accountable delivery leadership
  • Clear data processing terms
In every engagement

What you get

Security and assurance are part of the work, not an upsell.

A threat model for your system
A security review before launch
Evaluation results you read
Monitoring and audit trails
Documentation for your compliance team
A named owner for delivery

Need our security documentation?

Tell us your requirements. We will prepare documentation for your security and procurement review, and walk your team through our controls.

Request documentationCapabilities statement