Trust & Security
We sell assurance to regulated enterprises, so we hold ourselves to the standard we help our customers evidence. This page states plainly what we do today, what we do not yet do, and when that changes. Detailed security architecture documentation is available under NDA.
Deployment model
- Single-tenant or customer-hosted by default for all pilots and design partnerships — your telemetry can remain entirely inside your environment.
- Australian region hosting for any managed deployment; data-residency pinning is a first-class control, not a configuration afterthought.
- Restricted data tiers can remain customer-side per ADSRA patterns.
Data protection
- Narrow, explicit data contract — every engagement defines exactly which spans, prompts, messages and tool arguments are in scope before anything flows.
- Redaction and minimisation by default — generative-AI telemetry can carry personal and commercial information; we strip and minimise it at the point of collection.
- No training on customer data. Ever.
- Agreed retention windows per engagement, with deletion on request and full export of your configurations, baselines and evidence at any time — no data hostage.
- Encryption in transit and at rest for any managed deployment.
- No third-party analytics inside the platform. Web analytics is confined to our public marketing site; authenticated product surfaces carry no analytics, advertising tags or trackers — only the telemetry your data contract defines.
- A data-processing agreement is available for execution before any telemetry is shared.
Incident response
A documented incident-response plan applies to every engagement: a named contact, defined notification windows, and post-incident reporting to your security function. The plan is included in the engagement pack and reviewed with your team at onboarding.
Certification roadmap — stated honestly
We are an early-stage company and do not claim certifications we do not hold. SOC 2 Type I is planned with platform GA (FY28); SOC 2 Type II and ISO/IEC 42001 alignment follow in FY29. Until then, partners receive our security architecture documentation and the platform's own self-governance evidence — our agents are governed in the product we sell.
Security review welcome
We expect and welcome security and architecture review by your teams before any engagement begins. If an assessment shows your estate — or ours — is not ready, we will say so.
Contact
Security questions, disclosure reports or documentation requests: duane@getamazednow.ai.