For procurement, compliance, and InfoSec.

Everything an evaluation team needs to clear DocumentBoost through a firm review, on one page.

The full posture table — encryption, residency, sub-processors, consent gate, audit immutability, SOC 2 readiness — lives on the security page and is what we hand to procurement teams during evaluation.

Review the security & compliance posture

Current sub-processor list. The full DPA detailing data handling for each is available on request.

Vendor       Purpose
Supabase     Database, auth, storage
Vercel       Application hosting, edge runtime
Anthropic    AI inference (consent-gated)
OpenAI       AI inference (consent-gated, optional)
Resend       Transactional email

A sample Data Processing Agreement, with executable signature blocks and our standard sub-processor schedule, is available on request to qualified firms.

Request the sample DPA

Customer references are made available on request after a first discovery call. Design partners under NDA during the v1 window require explicit authorization before disclosure; we route requests through the relationship lead.

For technical reviewers: a curated set of public-relevant decisions from the architecture decision record.

  • ADR-012: Prompt cache & third-party AI consent gate

    External AI is fail-closed by default; firms opt in with explicit acknowledgment.

  • ADR-018: Retrieval architecture — pgvector + provenance citations

    Every AI answer cites the source document; retrieval is per-org scoped.

  • ADR-026: Immutable, WORM-enforced audit log

    Audit rows are append-only at the database layer, not the application.

  • ADR-031: Trust posture — confidence signals, stop button, undo

    AI surfaces expose confidence; advisors retain a hard stop and selective undo.

  • ADR-035: MCP server with bearer-token distribution

    Claude and ChatGPT connect via per-firm MCP tokens with audit lineage.

  • ADR-036: Workflow engine — declarative trigger → conditions → actions

    Automation under the workflow creator's identity, cross-org rejection at three layers.

For the full procurement bundle — security brief, DPA, sub-processor agreements, and references — we'd be glad to connect.

Request the Procurement Bundle