Compliance
SHA-256 hash chain on every action, Aikido-audited codebase, MFA-gated admin access.
Technical Controls
Audit Integrity
- 01 SHA-256 Hash Chain: Every system action is cryptographically linked to the previous entry, preventing any database-level tampering.
- 02 Forensic Verifiability: Our integrity engine provides API endpoints for real-time validation of log sequence and content authenticity.
- 03 Reason Tracking: Every Human-in-the-Loop (HITL) intervention is recorded with full context — the source document, current screen state, and the specific field in question — providing a complete audit trail for compliance requirements.
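A sketch of how a hash-chained audit log of this kind can be verified, added here as an illustration and not taken from the vendor's implementation. The entry layout, the genesis value, the function names and the sample actions are assumptions, and the example goes one step beyond the text by also comparing the chain head against a copy stored outside the database, which is what catches a dropped tail.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first entry


def entry_hash(prev_hash, action):
    # Canonical JSON so the same action always serializes to the same bytes.
    body = json.dumps(action, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(log, action):
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"prev_hash": prev, "action": action,
                "hash": entry_hash(prev, action)})


def verify(log, anchored_head=None):
    """Return (ok, index of first bad entry or None, reason)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev_hash"] != prev:
            return (False, i, "broken link")        # entry removed or reordered
        if entry["hash"] != entry_hash(prev, entry["action"]):
            return (False, i, "content mismatch")   # entry edited in place
        prev = entry["hash"]
    # The chain alone cannot show that its tail was dropped; a head hash kept
    # outside the database (assumed here) closes that gap.
    if anchored_head is not None and prev != anchored_head:
        return (False, None, "head mismatch")
    return (True, None, "ok")


def build_sample():
    # Constructed sample actions, not real log data.
    log = []
    for action in (
        {"actor": "op1", "type": "login"},
        {"actor": "op1", "type": "hitl_override", "field": "dob",
         "reason": "OCR mismatch"},
        {"actor": "admin", "type": "export"},
    ):
        append(log, action)
    return log


if __name__ == "__main__":
    log = build_sample()
    head = log[-1]["hash"]
    log[1]["action"]["field"] = "ssn"   # simulate a database-level edit
    print(verify(log, head))
```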
Access & Identity
- 01 MFA Enforcement: Multi-Factor Authentication (TOTP) is mandatory for all administrative and operator access.
- 02 Access Control: Role-based permissions with TOTP MFA and complete audit logging with session-level granularity.
- 03 Isolated Sessions: Each terminal connection runs in a dedicated, memory-isolated instance to prevent cross-tenant data leakage.
Regulatory Readiness
HIPAA Alignment
Architected to meet technical safeguard requirements for Protected Health Information (PHI). Cryptographic audit trails provide verifiable end-to-end data integrity.
- SHA-256 cryptographic audit trail
- Encryption at rest (KMS on AWS)
- Immutable access audit logs
- Per-tenant data isolation
Data Governance
Zero-Retention Policy
Vision captures and terminal screen data are processed in-memory. We do not train AI models on your operational data.
Sovereignty Control
Production runs in the EU (Hetzner, Frankfurt / Falkenstein) by default. US and UK regions are available via dedicated AWS deployment on request. No cross-border data transfer occurs without explicit, forensically logged administrator consent.
Request Security Brief
Our security whitepaper details our SHA-256 hash-chain implementation and VPC isolation logic.
Note: Whitepaper is transmitted to authorized corporate domains only.