Documented posture. Aligned standards. Disclosed sub-processors.
The platform's security and compliance posture is published, not asserted. Every control has a corresponding policy. Every AI surface is classified. Every sub-processor is named.
Defence in depth, end to end.
Encryption
TLS 1.2+ in transit, AES-256 at rest. HSTS enforced. Keys managed in Azure Key Vault with HSM backing, accessed via Managed Identity — secrets never appear in application config.
Network isolation
PostgreSQL reachable only via private endpoint; public access disabled at the database. The application is VNet-integrated; outbound to Anthropic over HTTPS is the only direct internet egress.
Identity
Primus team via Microsoft Entra single sign-on with tenant MFA. Client users via email one-time codes (SMS optional). 5-attempt lockout, sliding-window rate limiting, per-IP and per-user.
Authorization
Three tiers, enforced at the route, the template, and the build. A fourth allowlist gates the restricted CEO Readout deck. Tier transitions are audit-logged.
AI guardrails
Prompt versioning by SHA-256, per-call cost attribution, per-user daily spend caps, off-topic refusal, injection defence, fenced-content guarantees enforced at build and at serve.
Audit + monitoring
Every AI inference logged with model, prompt version, tokens, and cost. Security events feed an admin dashboard. Daily background tasks scan for abuse patterns and emit alerts.
One application, one region, one set of disclosed dependencies.
The full dependency surface is small and visible. No third-party JavaScript in the client. No analytics SDKs. No CDN, no error-tracking SaaS, no font CDN.
FastAPI · East US 2
Flexible · VNet only
Secrets · HSM-backed
Email + SMS OTP
Inference · US
Recordings · private
All outbound traffic from the application leaves over the VNet to private endpoints, to Microsoft-managed endpoints over the Azure backbone, or to the Anthropic API over HTTPS. Nothing else.
What we align to, and how honestly.
Posture is stated as aligned when controls are in place but no third-party audit has been completed, and as certified only after audit.
| Standard | Posture | Note |
|---|---|---|
| OWASP Top 10 (2021) | Aligned | Hardened headers, dependency scanning, input validation, output encoding. |
| SOC 2 (TSC 2017) | Controls aligned | CC1–CC9 mapped to platform controls. Audit engagement is a productisation milestone. |
| ISO 27001:2022 | Controls aligned | Annex A controls mapped. Certification path opens with productisation. |
| ISO 42001 (AI Management) | Partial — gap analysed | Gap analysis documented; full conformance is part of the AI-program roadmap. |
| NIST AI Risk Management Framework | Aligned | GOVERN / MAP / MEASURE / MANAGE functions mapped to platform controls and policies. |
| EU AI Act | Classified, not in scope today | Every AI surface classified. Most are limited-risk under Article 52 transparency; none high-risk under Article 6. |
| NIST SP 800-61 Rev 2 | Aligned | Incident response procedure follows the NIST framework. |
| NIST SP 800-53 SC-13 | Aligned | Encryption implementation references the NIST control. |
Human-in-the-loop AI, by design.
The platform uses AI for decision-support. Every artifact is reviewed before promotion; nothing publishes silently.
What the AI does
- Synthesizes per-session analyses, per-dimension findings, recommendations, and capability assessments.
- Renders slide summaries, deck content, and the formal memorandum prose.
- Answers analytical questions in bounded chat — per person, per session, or per meeting.
What the AI does not do
- Make autonomous decisions about individuals — no scoring, ranking, or eligibility determination.
- Generate content for publication or marketing.
- Receive data outside the requester's permission tier.
- See system secrets, infrastructure detail, or other users' chat.
Every system prompt is SHA-256 hashed and registered at startup. Changes are first-seen-stamped with an author identifier.
Every inference logs the model, token counts, cost estimate, and outcome — per user, per endpoint, per call.
A daily background task scans for cost spikes and token-rate anomalies against a rolling baseline and emits alert events.
Full detail in the AI Disclosure / Model Card.
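The prompt fingerprinting and per-call logging described above can be sketched as follows. This is an added example, not the platform's own code: the class and function names, the `example-model` identifier, the token rates, and the fail-closed check on unregistered prompts are all assumptions made for illustration.

```python
import hashlib
from datetime import datetime, timezone

# Constructed per-million-token rates in USD; the page gives no pricing.
RATES = {"example-model": {"in": 3.00, "out": 15.00}}


def fingerprint(prompt_text: str) -> str:
    """SHA-256 of the exact UTF-8 bytes: any edit, even whitespace, is a new version."""
    return hashlib.sha256(prompt_text.encode("utf-8")).hexdigest()


class PromptRegistry:
    """Hypothetical registry; in practice the records live in a database table."""

    def __init__(self):
        self.versions = {}  # fingerprint -> first-seen record

    def register(self, name, text, author, now=None):
        """Called at startup for every system prompt; returns its fingerprint."""
        fp = fingerprint(text)
        # setdefault keeps the original stamp when the same text is seen again,
        # so a restart never rewrites who introduced a version or when.
        self.versions.setdefault(fp, {
            "name": name,
            "author": author,
            "first_seen": (now or datetime.now(timezone.utc)).isoformat(),
        })
        return fp


def audit_record(registry, fp, user, endpoint, model, tokens_in, tokens_out, outcome):
    """Build the per-call log row: metadata and fingerprint only, never prompt text."""
    if fp not in registry.versions:
        # Assumption of this example: refuse calls whose prompt the log cannot explain.
        raise LookupError(f"prompt {fp[:12]} is not registered")
    rate = RATES[model]
    cost = (tokens_in * rate["in"] + tokens_out * rate["out"]) / 1_000_000
    return {
        "user": user, "endpoint": endpoint, "model": model,
        "prompt_version": fp, "tokens_in": tokens_in, "tokens_out": tokens_out,
        "cost_usd": round(cost, 6), "outcome": outcome,
    }
```

Because the log row carries only the fingerprint, a reviewer can tie any inference back to the exact prompt text in the registry without the audit log itself storing prompts.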
Two sub-processors. Both named. Both audit-current.
Additions or material changes are notified to controllers 45 days in advance per our standard Data Processing Agreement.
Microsoft Corporation (Azure)
| Purpose | Compute, database, identity, communications, storage, secrets, logs. |
|---|---|
| Region | East US 2 (United States) |
| Training use | Customer data is not used to train any Microsoft AI per the Microsoft Online Services terms. |
| Audit posture | SOC 1 / 2 / 3, ISO 27001 / 27018, FedRAMP High, HIPAA BAA available. |
Anthropic, PBC
| Purpose | Claude API — text inference for analysis, synthesis, generation, and chat. |
|---|---|
| Region | United States (Anthropic's primary inference infrastructure) |
| Training use | No training on API customer data per Anthropic Commercial Terms §7. 30-day retention for abuse monitoring; deleted thereafter. |
| Audit posture | SOC 2 Type II. Trust Center: trust.anthropic.com. |
Full inventory: Sub-Processor List.
What data lives where, for how long.
| Class | Storage | Retention | Sensitivity |
|---|---|---|---|
| Account identity | PostgreSQL (encrypted at rest) | Lifetime of access + 90 days | PII |
| Authentication telemetry | PostgreSQL | 30–90 days | Pseudonymous |
| Chat content | PostgreSQL | 365 days; user-deletable via DSAR | User-attributed |
| AI audit log | PostgreSQL | 365 days, then anonymized; prompt fingerprints retained for forensic integrity | Metadata only — no full prompts |
| Security events | PostgreSQL | 90 days | Operational |
| Engagement work product | PostgreSQL + filesystem | Lifetime of engagement + archive per controller direction | Client-owned |
| Recordings (media) | Azure Files (private mount) | Per engagement contract | Stream-only; no download surface |
| Versioned system prompts | PostgreSQL | Indefinite (forensic integrity) | Configuration |
Retention is automated — a daily background task prunes per-class TTLs. Anonymization on the AI audit log replaces email identifiers with a one-way hash on DSAR erasure, preserving forensic integrity without retaining personal data.
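A retention pass of the kind described above, using the fixed windows from the table, might look like this. It is an added example rather than the platform's code: the row layout and function names are hypothetical, and the keyed HMAC-SHA-256 is an assumption of this sketch (the page says only "one-way hash").

```python
import hashlib
import hmac
from datetime import timedelta

# Fixed windows from the table above, in days. Classes with a range, a contract-bound
# or an indefinite retention period are left out of this sketch.
TTL_DAYS = {"chat_content": 365, "security_events": 90}
AUDIT_ANONYMIZE_AFTER = timedelta(days=365)


def pseudonym(email: str, key: bytes) -> str:
    """Keyed one-way hash of a normalized address. An unkeyed digest of an email can
    be matched by hashing candidate addresses, so this example keys it."""
    return hmac.new(key, email.strip().lower().encode("utf-8"), hashlib.sha256).hexdigest()


def anonymize(row, key):
    """Swap the email for its pseudonym; fingerprint and counters stay intact."""
    if row.get("anonymized"):
        return row
    out = dict(row)  # copy, so the caller's row is not mutated
    out["user"] = pseudonym(row["user"], key)
    out["anonymized"] = True
    return out


def daily_sweep(rows, key, now):
    """Return the rows that survive one retention pass at time `now`."""
    kept = []
    for row in rows:
        age = now - row["created"]
        ttl = TTL_DAYS.get(row["class"])
        if ttl is not None and age > timedelta(days=ttl):
            continue  # past its TTL: pruned
        if row["class"] == "ai_audit_log" and age > AUDIT_ANONYMIZE_AFTER:
            row = anonymize(row, key)
        kept.append(row)
    return kept


def dsar_erase(rows, email, key):
    """Erasure request: drop the user's chat, anonymize their audit rows at once."""
    result = []
    for row in rows:
        mine = row.get("user") == email
        if mine and row["class"] == "chat_content":
            continue
        if mine and row["class"] == "ai_audit_log":
            row = anonymize(row, key)
        result.append(row)
    return result
```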
How the platform is run.
Boring but essential operational discipline.
- Single accountable operator per engagement, backed by a secondary.
- Daily background tasks for retention enforcement and abuse-pattern detection.
- Monthly access review with an exportable evidence artifact, auto-reminded.
- Quarterly dependency CVE scan via pip-audit.
- Annual policy review with refresh dates published.
- Incident response with 24-hour Counsel notification for SEV-1 events, 72-hour breach notification per DPA.
Need the documentation pack for procurement?
We can provide a current Security & Compliance documentation set (Information Security Policy, Access Control, Encryption Standards, Incident Response, BCP/DR, AI Use Policy, Vendor Inventory, and more) on request, under NDA.