RVVRRVVR
Back

Data Security and Privacy

The first question almost every serious customer asks is some version of: where does my data actually go, and who is able to see it once it's there. Here's the answer.

Where your data lives

Your data lives inside your own environment, or inside dedicated infrastructure that we provision specifically for your tenancy. It doesn't live in a shared model. It doesn't live in a vendor's general training set. And it doesn't live in some public cloud bucket somebody set up three years ago and forgot about.

Where the regulation or the sensitivity of the data requires it, we deploy fully isolated. That means your own VPC, your own keys, and network egress only to the systems you've specifically authorized.

Defaults, not upgrades

  • Encryption at rest and in transit, everywhere. We don't have a pricing tier where this becomes optional.
  • Role-based access control. Who can see what gets configured at deployment time, rather than bolted on later as an afterthought.
  • Full audit logging. Every read, every action, and every model decision is logged, and the retention is set according to your compliance requirements.
  • Key management. You can bring your own keys if you prefer to. We integrate with the major KMS providers.
  • No model training on your data. Unless you specifically ask us to fine-tune a model on your behalf, your data is never used to train anything.

Compliance posture

We deploy into regulated environments fairly regularly. Healthcare, financial services, and government-adjacent organizations are all common, and our defaults are designed to make those audits go smoothly. The specifics will depend on which framework applies to your situation (HIPAA, SOC 2, FedRAMP-aligned, GDPR, and so on), and we'll walk through the relevant controls during scoping.

What "trust us" means here

What it means is that we put it in writing. The deployment architecture, the data flow diagram, the access roster, and the retention policy are all documented as part of onboarding. If we can't explain a given piece of it on a single page, we probably haven't designed it tightly enough.

Ask us anything specific. Security questions get specific answers around here, rather than boilerplate.