Trust & governance·Security & compliance

Built for work that matters. Not work that's good for a demo.

Every tool call logged. Access scoped per role. Data pinned to your region. Humans approve before anything reaches the outside world.

Forward this page to your security or legal team. Everything below is how we handle access, isolation, residency, and human checkpoints — the parts a demo cannot show.

Compliance status

SOC 2 Type II is in progress. We are happy to walk through architecture, subprocessors, and data flows on a design-partner call — ask when you request access.

Trust & governance

Built for work that matters. Not work that's good for a demo.

audit.loglive · all actors
Track
TimeEventActorTargetStatus
09:41:54policy.checksystempii.redact✓ pass
09:42:00agent.run@danagmail.send✓ sent
09:42:03data.readagentdrive/Q3.xlsxread
09:42:10approval.req@danainvoice.pay⏳ pending
09:42:15policy.checksystempii.redact✓ pass
09:42:19tool.callagentslack.post✓ posted
09:42:27memory.writeagentvector.storestored
09:42:30role.assert@samrun · viewerdenied
09:42:36policy.checksystempii.redact✓ pass
09:42:41approval.grant@finance-leadinvoice.pay✓ granted
09:42:45data.readagentdrive/Q3.xlsxread
09:42:51policy.checksystempii.redact✓ pass
09:42:54agent.run@danagmail.send✓ sent
09:43:01tool.callagentslack.post✓ posted
09:43:06region.pinsystemeu-west-1pinned
09:43:10policy.checksystempii.redact✓ pass
09:43:18memory.writeagentvector.storestored
09:43:21memory.purge@opsolder_than=90d✓ purged
09:43:27data.readagentdrive/Q3.xlsxread
09:43:32policy.checksystempii.redact✓ pass
09:43:36agent.run@danagmail.send✓ sent
09:43:42approval.req@danainvoice.pay⏳ pending
09:43:45policy.checksystempii.redact✓ pass
09:43:52tool.callagentslack.post✓ posted
09:43:57approval.grant@finance-leadinvoice.pay✓ granted
09:44:01policy.checksystempii.redact✓ pass
09:44:09data.readagentdrive/Q3.xlsxread
09:44:12region.pinsystemeu-west-1pinned
09:41:54policy.checksystempii.redact✓ pass
09:42:00agent.run@danagmail.send✓ sent
09:42:03data.readagentdrive/Q3.xlsxread
09:42:10approval.req@danainvoice.pay⏳ pending
09:42:15policy.checksystempii.redact✓ pass
09:42:19tool.callagentslack.post✓ posted
09:42:27memory.writeagentvector.storestored
09:42:30role.assert@samrun · viewerdenied
09:42:36policy.checksystempii.redact✓ pass
09:42:41approval.grant@finance-leadinvoice.pay✓ granted
09:42:45data.readagentdrive/Q3.xlsxread
09:42:51policy.checksystempii.redact✓ pass
09:42:54agent.run@danagmail.send✓ sent
09:43:01tool.callagentslack.post✓ posted
09:43:06region.pinsystemeu-west-1pinned
09:43:10policy.checksystempii.redact✓ pass
09:43:18memory.writeagentvector.storestored
09:43:21memory.purge@opsolder_than=90d✓ purged
09:43:27data.readagentdrive/Q3.xlsxread
09:43:32policy.checksystempii.redact✓ pass
09:43:36agent.run@danagmail.send✓ sent
09:43:42approval.req@danainvoice.pay⏳ pending
09:43:45policy.checksystempii.redact✓ pass
09:43:52tool.callagentslack.post✓ posted
09:43:57approval.grant@finance-leadinvoice.pay✓ granted
09:44:01policy.checksystempii.redact✓ pass
09:44:09data.readagentdrive/Q3.xlsxread
09:44:12region.pinsystemeu-west-1pinned
hover to pause · click an event to trace
ControlEnforced
01
Full audit trail
Every tool call, every prompt, every decision is logged with a replayable trace. Nothing the system does is invisible.
02
Role-based access
Scope who can design, who can run, and who can approve. Roles travel with the agent, the collection, and the dataset.
03
Private org units
Teams get their own isolated context and knowledge. No cross-tenant bleed, no accidental access to another unit’s data.
04
Data residency
Choose where your vectors, blobs, and traces live. We support EU, UK, and US regions with pinned storage per org.
05
Human in the loop
Any action you want gated can require approval before it runs. Configurable per agent, per tool, per risk level.
06
Retention controls
Set how long traces, memory, and artifacts persist. Purge on demand. Export on demand. Your data stays yours.

What buyers ask after the demo.

Subprocessors & data flows

Model providers, vector storage, and blob storage are disclosed during onboarding. You choose residency; we pin storage per organisation.

Export & deletion

Export conversations, memory, and artefacts on demand. Purge retention windows or trigger deletion — your data stays yours.

Design-partner security reviews

We run architecture walkthroughs with your InfoSec team as part of onboarding — before production workloads land.

Security review

Need a deeper walkthrough? We'll schedule one.

Design partners get an architecture and subprocessors review as part of onboarding. Request access and mention InfoSec in your note.