Security & Compliance
Our mission is to help teams deploy AI responsibly. Here’s how we protect your data.
Data Handling
- Ephemeral by default: Evaluations are processed in memory; no prompts or outputs are stored unless you enable history.
- Encryption in transit: TLS 1.2+ for all traffic.
- Customer-managed keys (BYO): Connect OpenAI, Anthropic, and xAI keys directly from the client or via a server proxy.
- Data residency: US-based by default; enterprise options for regional hosting.
Access & Identity
- Role-based access (viewer, editor, admin) — roadmap.
- SSO/SAML (Okta, Azure AD, Google) — enterprise.
- Audit logs for evaluations and exports — roadmap.
Compliance Roadmap
- NIST AI RMF alignment (mapping to functions & profiles).
- EU AI Act readiness materials (risk classification & documentation templates).
- SOC 2 Type I/II — planned.
- HIPAA BAAs for covered entities — enterprise plans.
Responsible AI
- Bias, hallucination, and safety scoring via judge models.
- Transparent prompts and reproducible evaluations.
- Exportable evidence for audits (JSON/CSV).