Trust & Security
Enterprise-grade by design. Auditable by default.
Every decision in Quadrazene™ is authenticated, authorized, policy-checked, and audited. Your data never leaves your control. Your LLM provider contract stays on your paper.
Security pillars
Eight properties we don't compromise on.
Deny by default
No permission means no access. Every API call is authorized against RBAC + ABAC policy.
Tenant isolation
Database-level row security enforces tenancy. No cross-tenant leaks.
Encryption everywhere
TLS 1.3 in transit. AES-256-GCM at rest with per-tenant keys. BYOK optional.
Hash-chained audit
Immutable, tamper-evident audit ledger. Every decision recorded and defensible.
Federated identity
OIDC, SAML, SCIM, LDAP. Entra, Okta, Ping, Google Workspace. Your IdP is the source of truth.
Least-privilege secrets
Credentials never reach atom code, never logged, rotated on policy, KMS-sealed.
Sandboxed execution
Plugin code runs in WASM sandboxes with capability-based security.
Supply chain integrity
Signed artifacts. SBOM in every release. CVE-scanned in CI.
Compliance
Certifications and frameworks
Honest status. We ship controls before we ship certifications.
SOC 2 Type II
In progress. Controls in place; audit period underway. Evidence packs available to enterprise customers on request.
ISO 27001
Planned 2026. Mapped control set published. Third-party readiness review scheduled.
HIPAA
Available on request. BAA executed for healthcare customers. Technical safeguards verified.
GDPR
Supported. Data processing agreement available. EU data residency for self-hosted and managed tiers.
CCPA / CPRA
Supported. Right-to-know and right-to-erasure workflows built in. Privacy portal included.
FedRAMP
Evaluating. Moderate baseline under evaluation. Reach out if you have a public-sector mandate.
Deployment options
Run Quadrazene the way your security team wants.
Managed SaaS
We run it. You connect via HTTPS. Fastest time to value.
Customer VM
docker compose up -d on your hardware. We never see your data.
Customer Kubernetes
Our Helm chart in your EKS / AKS / GKE / OpenShift cluster.
Air-gapped
Offline bundle. No network egress. Local LLM. FIPS-ready.
Data handling
Your data stays yours.
No model training on your data
Quadrazene does not train models on customer data. Period. We route queries through your LLM provider per your contract.
Query-in-place architecture
Connectors execute queries against your warehouse or ERP in place. We fetch only the minimum result set needed to answer your question.
PII auto-masking
Sensitive columns are masked at the connector boundary for users without clearance. PII never reaches the LLM unless explicitly permitted.
Right to erasure
Scope-delete APIs wipe memories and data for any user or subject with an immutable audit record of what was erased.
Regional data residency
US, EU, and regional deployments available. Your data stays in the jurisdiction you select.
Customer-controlled keys
BYOK encryption at enterprise tier. Integrate with cloud KMS or PKCS#11 HSM.
Responsible disclosure
Found a vulnerability? Tell us.
We welcome responsible disclosure from security researchers. Use our contact form, select “Security review” as the reason, and include reproduction steps. We acknowledge within 48 hours and publish advisories when remediated.
Want the full security review?
Architecture deep-dive, SBOM, penetration test summary, control matrix, and DPA available under NDA.