Deployment & Security
The platform is provider-agnostic by design. Run the same workforce on your own servers, in dedicated private cloud, or against enterprise model APIs — and choose which providers and models ever see your data. Security, governance, and deployment control are part of the product, not an enterprise add-on: the workforce is designed to fit the security posture you already operate under.
When the work is sensitive, the workforce runs where you say it runs.
Each role runs in a private environment for one organisation only. Deploy on-premises or on private cloud. There is no cross-customer sharing of resources, activity history, or operational context.
Infrastructure Options
Choose control, speed, and cost deliberately.
Every digital teammate can be deployed three ways. On-premises is the default for higher-control environments, with private cloud and enterprise APIs available where they fit better.
On-Premises
The workforce runs on hardware inside your facilities, under your network and physical controls.
Healthcare, financial services, government, and any organisation where the most sensitive work must stay inside the perimeter.
Private Cloud GPUs
Dedicated GPU infrastructure in a private environment we configure and manage, without shared public endpoints.
Organisations that need tighter residency, isolation, and procurement controls without running hardware themselves.
Cloud APIs
Enterprise-grade model providers for teams that need the fastest path to production on lower-sensitivity workloads.
Teams whose data classification allows third-party processing under enterprise agreements and who want to start quickly.
Security Architecture
Built for teams that have to defend their controls.
Every layer is structured for environments where data classification, auditability, and access control are not negotiable.
On-Premises and Private Cloud as Standard
Run the workforce on your own hardware or dedicated private cloud infrastructure. Higher-control deployment is built into the offer, not sold as an afterthought.
Data Sovereignty
Choose exactly where your data resides. On-premises, specific cloud regions, or within national borders. You control data residency at every layer.
No Customer Data Reuse
Your data is not used to improve another customer deployment, shared across environments, or pooled into a common memory layer.
Isolated Storage
All data processed by your digital teammate is stored in an isolated environment. Complete separation between customer data at every layer.
Full Audit Logs
Every action taken by your digital teammate is logged and traceable. Complete transparency into what was done and when.
Dedicated to One Organisation
Each role is provisioned for one organisation only, with no cross-customer sharing of resources, data, or operational context.
Compliance
Designed to survive procurement and compliance review.
Our deployment models align with established regulatory frameworks, and we provide the documentation and controls mapping your audit team will ask for.
SOC2 Type II
Our infrastructure and operational controls are designed to meet SOC2 Type II requirements. We provide controls mapping documentation and evidence packages for your audit team.
ISO 27001
Deployment models align with ISO 27001 control objectives for information security management. ISMS documentation and control alignment reports available on request.
GDPR
Full data residency controls allow you to keep data within specific geographic jurisdictions. DPA terms, right-to-erasure support, and data processing records included.
HIPAA
On-premises and private cloud deployments support HIPAA-compliant handling of PHI. Business Associate Agreements available. Encryption at rest and in transit enforced.
Security Controls
Operational controls, not just positioning.
The day-to-day controls your security team will want to see — infrastructure, access, logging, data handling, credentials, and review.
Infrastructure Controls
- + On-premises hardware security with physical access controls
- + Private cloud isolation — dedicated instances, no shared tenancy
- + Network segmentation for sensitive environments
- + Geographic data residency enforcement at the infrastructure layer
- + Encrypted storage and encrypted data transmission across all deployment models
Access Controls
- + Each digital teammate operates under scoped credentials — limited to the systems and repositories you approve
- + Permissions defined per tool and per action (read, write, execute)
- + No lateral access between customers or between teammates within the same organisation
- + SSO integration supported — teammates can authenticate through your identity provider
Audit Logging
- + Every action is logged with timestamp, tool, input, and output
- + Logs available via dashboard export; API access and SIEM forwarding available on request
- + Configurable retention periods agreed during onboarding
Data Handling
- + Data processed in-session is not persisted beyond task completion unless explicitly configured
- + No cross-customer data sharing, aggregation, or model training
- + Data deletion available on request — timelines agreed per customer
- + Encryption at rest and in transit using industry-standard protocols
Authentication & Credentials
- + Customer-managed credentials supported — bring your own API keys and service accounts
- + Secrets stored in isolated vaults, never in plaintext or logs
- + Credential rotation supported and recommended on a regular cadence
- + MFA enforced for all operator and administrative access
Security Review Process
- + Security questionnaire and DPA available on request before onboarding
- + Penetration testing programme in place — results available under NDA
- + Dedicated security contact for incident reporting and escalation
- + Custom security review process available for regulated industries
How Data Moves
A controlled path from system to output.
On the on-premises and private-cloud tiers, here is how data moves: you decide what is connected, what can be accessed, and which actions require approval before anything high-risk happens.
Connect Approved Tools
Only the systems you approve are connected. Access starts from your existing permissions model.
Process in Your Infrastructure
Your digital teammate runs on your on-premises hardware or private cloud — isolated and dedicated to your organisation only.
Log and Review Actions
Every action is logged for traceability, and sensitive operations can require human approval.
No cross-customer data flow. No shared memory. Full traceability. On the on-premises and private-cloud tiers, everything stays inside your perimeter.
Industries
Structured for sectors where shortcuts create risk.
We work with regulated organisations that need delivery capacity without compromising security posture, residency, or oversight.
Healthcare
Financial Services
Government
Plan your secure deployment.
Tell us about your compliance requirements, data classification, and preferred operating model. We will recommend the deployment path that fits.