Security & Governance
Built to pass a government security review
No badge wall. Every control below is a mechanism you can inspect in the product, on your own scenarios, during a live demo.
Identity and access
- Single sign-on via OIDC and SAML 2.0 with major identity providers, with just-in-time provisioning and group sync
- MFA for password logins; SSO deployments defer MFA to your identity provider, so the two are complementary
- Seven-level organization roles with a default-deny tier for external collaborators
- Per-solution roles and per-record assignments that even managers do not bypass
- Access governance console showing who can reach what, with audited CSV export
Data protection
- Per-agency tenant isolation enforced down to the database row level
- Per-tenant encryption keys with managed key backends, and crypto-shred offboarding: destroying keys renders data permanently unrecoverable, audited at critical severity
- Connector credentials encrypted under the owning tenant's key
- PII and secret redaction in outputs and logs, with audit metadata on every redaction
- Data-subject tooling for export, deletion, status, and consent requests
AI safety
- Permission-filtered retrieval: answers draw only from records the asking user may see, fail-closed
- Prompt-injection defense on input; streaming output guards for PII, jailbreaks, and prompt leaks
- Grounding controls that decline to answer rather than guess when no authorized source supports the question
- A server-enforced publish gate: no assistant reaches staff without a guardrails review and a real access grant
- Read-only SQL validation on live-data queries; monthly AI budgets with alerts and a hard block at exhaustion
Audit and accountability
- Tamper-evident audit trails: hash-chained entries with in-product integrity verification
- Cryptographically signed PDF audit exports where the record matters most
- Solution-scoped audit views for records, procurement, hiring, and reporting
- Usage and cost analytics computed from real provider tokens, exportable for the record
Responsible AI
Aligned to the standards your AI policy already references
Each principle from the NIST AI Risk Management Framework and California's GenAI guidance maps to a shipped control, not a promise.
- Human oversight
- Consequential AI actions pause behind approval gates and named-human sign-offs
- Transparency
- Every answer cites the source passage it came from, and every exchange joins the audit trail
- Groundedness
- Assistants decline deterministically when no authorized evidence supports an answer
- Safety
- Per-assistant guardrail presets that departments can tighten but never weaken below the platform floor
- Accountability
- Hard-enforced AI budgets and analytics from real provider tokens, exportable for review
An honest boundary: automated answer-correctness verification is active research, not a shipped control. What ships today is auditability: every answer can be checked against its cited source.
Hosting
Cloud-hosted with strict per-agency tenant isolation. The platform is cloud-portable and model-portable by design, and works with multiple AI providers behind one governed gateway. Deployment to government cloud environments is on the roadmap.
Documentation for your review
Security and governance overview, platform briefing, and solution one-pagers are available on request for program, security, and procurement teams. We respond to agency requests ourselves, not through a mailing list.
Request DocumentationBring your security reviewer to the demo
The fastest way to evaluate the controls is to watch them fail closed. We will run your scenarios live.