Trust
Security & Compliance
Enterprise-grade security from day one. Your data stays in your infrastructure.
Security Features
Built for enterprise
Comprehensive security controls to protect your data and meet compliance requirements.
VPC Isolation
AvailableAll resources deployed in private subnets. RDS Proxy, S3 Gateway endpoint, and Lambda in private VPC.
KMS Encryption
AvailableAES-256 at rest with AWS KMS across Aurora, S3, and OpenSearch. TLS 1.3 in transit.
Self-Hosted Deployment
AvailableDeploy to your own AWS infrastructure via CDK stacks. Data never leaves your environment.
Multi-Tenant RBAC
AvailableFour-tier role hierarchy with PostgreSQL row-level security enforcing tenant isolation at the database level.
CloudTrail Audit Logging
AvailableEvery API call logged via CloudTrail. Application-level audit trail with user, timestamp, and context.
Infrastructure Audit Tests
AvailableAutomated compliance test suites for HIPAA, SOC 2, GDPR, NIST 800-53, and ISO 27001 controls.
Cognito Authentication
AvailableAWS Cognito User Pool with invite-only registration, MFA support, and OAuth/OIDC integration.
AWS Bedrock Only
AvailableAll AI inference through AWS Bedrock. No data sent to third-party AI providers. Region-scoped.
Infrastructure Compliance Tests
Automated audit test suites
Run infrastructure compliance tests against major frameworks. Built on AWS compliance-eligible services.
SOC 2 Controls
Tests included
HIPAA Controls
Tests included
GDPR Controls
Tests included
NIST 800-53
Tests included
ISO 27001
Tests included
How We Handle Your Data
- All LLM calls route through AWS Bedrock - no data sent to external AI providers
- Data encrypted at rest with KMS and in transit with TLS 1.3
- PostgreSQL row-level security enforces tenant isolation on every query
- CloudTrail audit logging for all API calls
- Self-hosted deployment option via CDK for complete data sovereignty
Ready to discuss security?
Our team can provide security documentation, answer compliance questions, and schedule a security review.