Documented posture. Aligned standards. Disclosed sub-processors.
The platform's security and compliance posture is published, not asserted. Every control has a corresponding policy. Every AI surface is classified. Every sub-processor is named.
Defence in depth, end to end.
Encryption
TLS 1.2+ in transit, AES-256 at rest. HSTS enforced. Keys managed in an HSM-backed key vault, accessed via managed identity — secrets never appear in application config.
Network isolation
The database is reachable only via a private endpoint; public access is disabled. The application is network-integrated; outbound to the AI provider over HTTPS is the only direct internet egress.
Identity
Primus team via Microsoft Entra single sign-on with tenant MFA. Client users via email one-time codes (SMS optional). 5-attempt lockout, sliding-window rate limiting, per-IP and per-user.
Authorization
Three tiers, enforced at the route, the template, and the build. A fourth allowlist gates the restricted CEO Readout deck. Tier transitions are audit-logged.
AI guardrails
Prompt versioning by SHA-256, per-call cost attribution, per-user daily spend caps, off-topic refusal, injection defence, fenced-content guarantees enforced at build and at serve.
Audit + monitoring
Every AI inference logged with model, prompt version, tokens, and cost. Security events feed an admin dashboard. Daily background tasks scan for abuse patterns and emit alerts.
One application, one region, one set of disclosed dependencies.
The full dependency surface is small and visible. No third-party JavaScript in the client. No analytics SDKs. No CDN, no error-tracking SaaS, no font CDN.
Microsoft Azure · US region
Private, in-network
HSM-backed key vault
Email + SMS one-time codes
Anthropic Claude · US
Private, access-controlled
All outbound traffic from the application leaves over the cloud provider's private backbone — private endpoints, Microsoft-managed endpoints, and a single HTTPS path to the Anthropic API. Nothing else. Service-level resource details and configuration are shared with prospective customers under NDA via the Trust Center.
What we align to, and how honestly.
Posture is stated as aligned when controls are in place but no third-party audit has been completed, and as certified only after audit.
| Standard | Posture | Note |
|---|---|---|
| OWASP Top 10 (2021) | Aligned | Hardened headers, dependency scanning, input validation, output encoding. |
| SOC 2 (TSC 2017) | Controls aligned | CC1–CC9 mapped to platform controls. Formal certification readiness assessment underway. |
| ISO 27001:2022 | Controls aligned | Annex A controls mapped. ISMS formalisation and certification readiness underway. |
| ISO 42001 (AI Management) | Partial — gap analysed | Gap analysis documented; full conformance is part of the AI-program roadmap. |
| NIST AI Risk Management Framework | Aligned | GOVERN / MAP / MEASURE / MANAGE functions mapped to platform controls and policies. |
| EU AI Act | Classified, not in scope today | Every AI surface classified. Most are limited-risk under Article 52 transparency; none high-risk under Article 6. |
| NIST SP 800-61 Rev 2 | Aligned | Incident response procedure follows the NIST framework. |
| NIST SP 800-53 SC-13 | Aligned | Encryption implementation references the NIST control. |
Human-in-the-loop AI, by design.
The platform uses AI for decision-support. Every artifact is reviewed before promotion; nothing publishes silently.
What the AI does
- Synthesizes per-session analyses, per-dimension findings, recommendations, and capability assessments.
- Renders slide summaries, deck content, and the formal memorandum prose.
- Answers analytical questions in bounded chat — per person, per session, or per meeting.
What the AI does not do
- Make autonomous decisions about individuals — no scoring, ranking, or eligibility determination.
- Generate content for publication or marketing.
- Receive data outside the requester's permission tier.
- See system secrets, infrastructure detail, or other users' chat.
Every system prompt is SHA-256 hashed and registered at startup. Changes are first-seen-stamped with an author identifier.
Every inference logs the model, token counts, cost estimate, and outcome — per user, per endpoint, per call.
A daily background task scans for cost spikes and token-rate anomalies against a rolling baseline and emits alert events.
Full detail in the AI Disclosure / Model Card.
Two sub-processors. Both named. Both audit-current.
Additions or material changes are notified to controllers 45 days in advance per our standard Data Processing Agreement.
Microsoft Corporation (Azure)
| Purpose | Compute, database, identity, communications, storage, secrets, logs. |
|---|---|
| Region | East US 2 (United States) |
| Training use | Customer data is not used to train any Microsoft AI per the Microsoft Online Services terms. |
| Audit posture | SOC 1 / 2 / 3, ISO 27001 / 27018, FedRAMP High, HIPAA BAA available. |
Anthropic, PBC
| Purpose | Claude API — text inference for analysis, synthesis, generation, and chat. |
|---|---|
| Region | United States (Anthropic's primary inference infrastructure) |
| Training use | No training on API customer data per Anthropic Commercial Terms §7. 30-day retention for abuse monitoring; deleted thereafter. |
| Audit posture | SOC 2 Type II. Trust Center: trust.anthropic.com. |
Full inventory: Sub-Processor List.
What data lives where, for how long.
| Class | Storage | Retention | Sensitivity |
|---|---|---|---|
| Account identity | Database (encrypted at rest) | Lifetime of access + 90 days | PII |
| Authentication telemetry | Database | 30–90 days | Pseudonymous |
| Chat content | Database | 365 days; user-deletable via DSAR | User-attributed |
| AI audit log | Database | 365 days, then anonymized; prompt fingerprints retained for forensic integrity | Metadata only — no full prompts |
| Security events | Database | 90 days | Operational |
| Engagement work product | Database + filesystem | Lifetime of engagement + archive per controller direction | Client-owned |
| Recordings (media) | Private media storage | Per engagement contract | Stream-only; no download surface |
| Versioned system prompts | Database | Indefinite (forensic integrity) | Configuration |
Retention is automated — a daily background task prunes per-class TTLs. Anonymization on the AI audit log replaces email identifiers with a one-way hash on DSAR erasure, preserving forensic integrity without retaining personal data.
How the platform is run.
Boring, but essential operational discipline.
- Single accountable operator per engagement, backed by a secondary.
- Daily background tasks for retention enforcement and abuse-pattern detection.
- Monthly access review with an exportable evidence artifact, auto-reminded.
- Quarterly dependency CVE scan via pip-audit.
- Annual policy review with refresh dates published.
- Incident response with 24-hour Counsel notification for SEV-1 events, 72-hour breach notification per DPA.
Need the documentation pack for procurement?
We can provide a current Security & Compliance documentation set (Information Security Policy, Access Control, Encryption Standards, Incident Response, BCP/DR, AI Use Policy, Vendor Inventory, and more) on request, under NDA.