ENTERPRISE TRUST

Security built into
every layer.

Composed AI enforces workspace isolation, envelope credentials encryption, and auditable data access controls to protect your business knowledge.

INFRASTRUCTURE

Data Security & Storage

How we encrypt, host, and partition your files and operational metadata.

Encryption everywhere

All public traffic, database connections, and API calls are encrypted in transit using TLS 1.3. Stored records, vector embeddings, and search metadata are encrypted at rest using AES-256.

Secure Infrastructure

Composed AI runs on top-tier cloud providers (AWS/GCP) inside private, isolated virtual networks (VPCs). We maintain active firewalls, rate limiters, and automated threat monitoring. Your data is never used to train third-party foundation models (OpenAI, Anthropic, or Google).

Structured Storage

Your business metrics, database tables, and conversation records are stored in logically isolated database instances with strict connection restrictions.

PROTECTION

Knowledge Protection & Access

Strict boundary enforcement across your teams and data connectors.

Source permissions

We request read-only scopes when connecting external platforms like Notion, Slack, or databases. We never write to or modify your production source systems.

Workspace isolation

Customer data is partitioned logically. One client workspace can never query, scan, or see the data sources or vector namespaces of another workspace.

Access control

Enforce security standards using role-based permissions. Admins decide which internal members can view signals, read raw sources, run investigations, or edit settings.

EVIDENCE

Evidence & Trust

Our architecture ensures that every response is verifiable and traced to concrete source facts.

Evidence-backed responses

Composed AI never synthesises summaries without supporting citations. Answers are strictly compiled using verified customer context.

Grounded AI reasoning

We leverage LLMs as reasoning engines over your specific context, rather than letting the model fall back on its pre-trained generalisations.

Full auditability

Every data scan, signal trigger, and Q&A thread leaves a transparent audit trail showing exactly which source records were read and when.

Source attribution

Every paragraph in Ask Composed summaries features clickable citations back to the source file, database entry, or support log.

SAFETY

AI Safety & Quality Systems

Built-in evaluation layers to keep responses accurate and aligned with your policies.

Strict Grounding

We format system queries to only reference connected knowledge base sources, completely preventing outside assumptions and model drift.

Hallucination prevention

We pass final responses through real-time verification guards. Responses that lack adequate factual alignment with connected sources are flagged or blocked.

AI Readiness scoring

Every chatbot deployment is rated on factual accuracy, hallucination risk, coverage, and unknown handling before it meets customers.

Human review & handoff

Questions that fall below the AI assistant's confidence threshold are cleanly routed to your team with the full evidence trail attached.

COMPLIANCE

Compliance Roadmap

We design our security controls around established industry standards.

Current Controls

  • SOC 2 framework alignment for data security and availability controls.
  • GDPR & CCPA aligned data processing workflows.
  • Database connection protection and secure TLS 1.3 API enforcement.
  • Encryption-at-rest keys managed securely via cloud KMS.
  • Tenant data isolation enforced at the vector and storage layer.

Roadmap & Audits

  • Scheduled third-party SOC 2 Type II audit examination.
  • Annual external penetration testing and vulnerability checks.
  • Expanded data sovereignty regions for localized compliance.
  • Formal ISO/IEC 27001 standard certification scheduling.
ARCHITECTURE

High-Level Security Architecture

How data flows securely from your connected systems into evidence-backed workspace results.

SOURCE DATA
Notion, Slack, DBs
FILES & DOCS
PDFs, Policies, FAQs
TICKET LOGS
Support Records
↓ TLS 1.3 Encrypted Transfer
SECURE SHARED FOUNDATION

Knowledge Base & Vector Indexing

Credentials isolated via Cloud KMS · Namespaced Vector Storage · Automated PII Sanitisation

↓ Scoped Query Verification
Discovery Layer
Anomaly & Signal Alerts
Investigation Layer
Ask Composed Citations
Customer AI
Grounded Chatbot Handoff
FAQS

Common Security Questions

Do you train models on our data?

No. Composed AI never trains underlying LLMs, public foundations, or proprietary models on your business data, connected documents, or search queries. Your data remains strictly your own.

Where is customer data stored?

All data is stored in isolated, multi-tenant databases and vector namespaces in secure cloud facilities (GCP/AWS). For Enterprise plans, we offer dedicated, single-tenant hosting in regions of your choice.

How are data source credentials managed?

API tokens, database credentials, and OAuth keys are encrypted at rest using envelope encryption with Cloud Key Management Service (KMS). Credentials are only read to fetch updates under strict read-only scopes.

Is there support for single sign-on (SSO)?

Yes. Composed AI integrates with SAML, OIDC, and major identity providers (Okta, Azure AD, Google Workspace) on our Pro and Enterprise plans to enforce your organisation's authentication standards.

Build intelligence. Protect your business data.

Learn more about workspace isolation, specific compliance schemas, or custom enterprise requirements.