Security
Security is where this product begins.
Built around the controls firms with proprietary data cannot compromise on — across PE, VC, law, audit, and corporate dev. Every deployment is single-tenant, encrypted by default, and audit-ready from day one.
SOC 2 Type II
Audited annually
ISO 27001
Information security management
GDPR
EU data protection
CCPA
California privacy
How we think about your data.
Private by deployment.
Single-tenant in your cloud, your VPC, or fully on-prem. Documents and embeddings stay where they belong.
Never trained on your data.
Models run in dedicated inference environments. Nothing is shared, federated, or learned across firms.
You own the keys.
Customer-managed encryption keys via AWS KMS, Azure Key Vault, or HSM. BYOK supported on all tiers.
Isolated by default.
VPC isolation with no public-internet egress. PrivateLink endpoints for all integrations.
What your infosec team will ask.
The specifics behind the principles — the questions procurement and infosec typically raise before they sign.
Audit logs
Every query, document access, and configuration change is logged and retained for 7 years. Customer-accessible via API or SIEM integration (Splunk, Datadog, Elastic).
Vulnerability disclosure
Public disclosure policy with a named security contact. Bug bounty program with tiered rewards. Median time-to-fix: 14 days for critical findings.
Sub-processors
30 days' advance notice before any addition or material change. Full list maintained publicly. Customer right to object included in the DPA.
Incident response
Notification within 24 hours of any confirmed material incident. Security team on-call 24/7. A customer-specific incident commander is assigned per engagement.
Penetration testing
Annual external pen-test by an independent third party. Quarterly internal red-team exercises. Reports available under NDA on request.
Backup & recovery
RPO: 15 minutes. RTO: 4 hours for full service restoration. Backups encrypted with customer-managed keys. Quarterly recovery drills.