What changes at enterprise scale

Three things your security review will ask about.

Run it on your perimeter

Helm chart, Terraform module, dedicated VPC, or fully isolated tenancy. Memory and embeddings never leave your boundary. Bring your own KMS keys.

Memory under access control

Per-project isolation. Fine-grained RBAC. Scoped tokens. Memory-visibility controls so the right teammates see the right context — and nothing else.

Compliance you can prove

Tamper-evident audit log streamed to Splunk, Datadog, or Sumo. DLP and redaction policies. GDPR-aware right-to-forget. SOC 2 Type II in progress.

Compliance + deployment surface

The boring stuff, stated plainly.

DeploymentVPC / self-hostHelm + Terraform; air-gapped supported.

EncryptionAES-256 / TLS 1.3At rest + in motion; BYO KMS.

IdentitySSO · SAML · SCIMOkta, Entra, Ping, JumpCloud.

Audit log7-yr retention to SIEMSplunk · Datadog · Sumo.

Data residencyUS · EU · BYO regionPinned per tenant.

PrivacyGDPR-awareRight-to-forget; PII redaction.

SLA99.95%24×7 support · dedicated SE.

CertificationsSOC 2 Type IIIn progress; report Q3 2026.

More detail on the security surface lives on the security & privacy page and in the enterprise use-case.

Architecture review

Bring your security questions.

A 30-minute call with a solutions engineer. We bring the architecture diagrams, the deployment options, and the audit-log sample. You bring the threat model.

Schedule architecture review Read the security page