Trust by architecture, not by promise.
The detail your security, audit, and tax teams need lives in the Trust Center Package.
ISO 27001
EU hosted
Zero Training
Audit-Ready by Design
100% line-item · immutable trail
Compliance Coverage
GoBD · IFRS · SOX · BEPS
Security Architecture
AES-256 · TLS 1.3 · SSO · SCIM
EU Data Residency
Frankfurt · SCCs pre-executed
Zero Training Policy
Customer data never used to train
Deployment Flexibility
SaaS · Single-Tenant · BYOC · On-Prem
Everything your security and legal teams need
The Trust Center Package collects the documentation typically requested in enterprise security and procurement reviews. Updated quarterly.
ISO 27001 Certificate
Full certificate
DPA + Standard Contractual Clauses
EU 2021 SCCs
Sub-Processor List
Updated quarterly
Penetration Test Summary
Annual 3rd-party test
Architecture Brief
Technical document for IT
GDPR Compliance Statement
Procedure for any incident
Audit-readiness as a byproduct, not an extra task
Every matching decision logged immutably: rule, model, timestamp, user, confidence, rationale. The audit evidence the auditor receives is pre-populated, immutable, and at the line item.
100%
Line-item coverage
Every match populated, every exception raised on the day it appears. No sampling, no post-hoc reconstruction.
−30 to −50%
Year-end audit time
Continuous monitoring at the transaction level stands in for sampled audits. Auditor receives evidence on day one, not last day.
Big-4 ready
External-auditor walk-through
Walk-through calls with Big-4 engagement teams are routine — including for US-listed customers in your industry profile.
Full audit walk-through · ISO 27001 certificate available in the Trust Center Package →
One integrated audit trail
The engine generates compliance evidence as a byproduct. The full standards mapping, certificates and documentation packages live in the Trust Center Package.
ISO 27001
Information Security Management System · third-party audited
Certified
GoBD
Ordnungsmäßigkeit · Nachvollziehbarkeit · Unveränderbarkeit · platform layer
Covered
IFRS 10 · HGB §297
Group consolidation · IC elimination evidence
Covered
SOX Sec. 404
ICFR posture · deterministic-first matching · immutable trail
Covered
BEPS Action 13 · §90 AO
Transfer-pricing documentation · transaction-level evidence
Covered
GDPR · DPA + SCCs
EU 2021 Standard Contractual Clauses · pre-executed
Pre-executed
Certificates, control description, audit-scope details and compliance attestations available in the Trust Center Package →
Enterprise-grade security from day one
Encryption, identity, and continuous validation built in. The detail and the third-party reports live in the Trust Center Package.
Data protection & encryption
Production data encrypted at rest with AES-256-GCM via Cloud KMS. Data in transit uses TLS 1.3 with HSTS enforced on every endpoint. DLP content scanning runs before any model invocation.
AES-256-GCM
TLS 1.3
Cloud KMS
DLP at inference
Access control & identity
RBAC at workspace and Flow level. SSO via SAML 2.0 / OIDC with native Azure AD, Okta, Google Workspace integration. SCIM provisioning end-to-end. Phishing-resistant MFA required for every user.
SAML 2.0 · OIDC
SCIM
RBAC per RECON
WebAuthn · Passkey
Penetration testing & logging
Annual third-party penetration test with summary report. Immutable audit logging captures every system event, every model interaction, every administrative action — retrievable on demand.
Annual 3rd-party test
Immutable logging
Summary in Package
Data stays in the EU. By default. By architecture.
Production data hosted exclusively in europe-west3 (Frankfurt) — no cross-border transfer under standard configuration. Backup and disaster-recovery infrastructure are also EU-resident.
Frankfurt · europe-west3 by default
All production data hosted in the EU. Standard configuration involves no cross-border data transfer.
Dedicated EU enclave option
For customers with data-localisation mandates: a dedicated EU processing enclave with full tenant isolation.
SCCs & DPA pre-executed
EU 2021 Standard Contractual Clauses ready to sign. Works Council / Betriebsrat consultation supported with pre-prepared documentation.
Never used for training
Customer data is never used to train, fine-tune, or improve any model — own or third-party. Contractual in the DPA.
Tenant-isolated inference
No cross-tenant learning. Architecturally enforced isolation between customers, validated by the same audit log that covers reconciliation matches.
Auditable model invocations
Every model call logged — when, by whom, on what data. Available to internal audit and external auditors under NDA.
Strategic differentiation anchor
Your data is never used to train models.
Zero Training Policy — contractually guaranteed in the DPA, applied to all third-party LLM providers. Tenant-scoped inference, no cross-tenant learning, architecturally enforced.
Four deployment models.
From SaaS to fully air-gapped on-premise. Scoped to your security and operational requirements. Detail and architecture brief in the Trust Center Package.
Multi-Tenant SaaS
Default deployment
Shared infrastructure with full tenant isolation. The fastest path to value.
4–6 wk go-live
per Flow
Single-Tenant SaaS
Dedicated infrastructure
For customers with isolation requirements. Same architecture, isolated stack.
99.95% SLA
Dedicated
BYOC · Bring Your Own Cloud
In your cloud account
Deploy the platform into your own GCP, Azure, or AWS environment. Your data never leaves your cloud.
GCP
Azure
AWS
On-Premise
Air-gap capable
Helm Chart deployment for the most regulated environments. No cloud connectivity required.
Helm
Air-gap
Regulated