Security, governance, and compliance
Governance is enforced on every agent action — not just documented. This page shows the current posture, the roadmap, and exactly what ships today.
Platform governance controls
Every agent action is policy-checked and recorded. The platform enforces what your compliance team requires.
- Role-based access control
- Tool allowlists per environment
- Kill switch and rate limits
We separate customer data, evaluation traces, and anonymous telemetry. You choose what we can see.
- Single-tenant option for regulated deployments
- EU + UK regions
- DPA on request
Every change is recorded with full context: model, prompt, and tool trace. Deterministic replay is available by default.
- Append-only audit log
- Signed scoring outputs
- Point-in-time replay
Agents are stress-tested against Agent 007 red-team suites before they ship to production.
- Prompt injection tests
- Tool-misuse simulations
- Drift and regression alerts
Current compliance status
Incomplete controls are marked with their current stage.
| Framework | Status | Notes |
|---|---|---|
| GDPR / UK GDPR | Operational | Data processor. Sub-processor list published. |
| SOC 2 Type I | In progress | Target: Q3. Audit partner selected. |
| HIPAA | Mappings ready | BAA on request for MedTech pilots; data stays in customer VPC. |
| FDA SaMD | Aware | Not a medical device. Pre-market alignment on request. |
| EU AI Act | Aligned | High-risk system mappings for agent deployments. |
| ISO 27001 | Roadmapped | Follow-on after SOC 2 Type I. |