Features/Security

Safe enough for regulated industries. Simple enough for a 5-person shop.

We built governance, audit, and isolation in from day one — not bolted them on for the enterprise tier. Every plan gets the same rails. The Enterprise tier adds self-hosting and SSO on top.

Immutable audit trail: every action recorded, dual-written (built-in)
Human-in-the-loop: risky actions need approval (built-in)
BYOK + isolation: your keys, per-tenant (built-in)
PII & secret redaction: before the model sees it (built-in)
Prompt-injection defense: inbound + outbound scanning (built-in)
SOC 2, ISO, HIPAA: in progress (on our roadmap)
How it works

Four primitives. Every action.

AUDIT

Immutable, reconstructable.

Every prompt, retrieved context, tool call, and output is recorded and dual-written, with Postgres as the durable history store. Each entry carries the agent identity and the approving human (if any), so any decision can be reconstructed after the fact. Real-time SIEM export is on our roadmap.

HITL

Human-in-the-loop, by policy.

Configurable approval gates per action class: a customer-facing send, a transaction above a threshold you set, a change to a regulated record, vendor onboarding. The approver is named and recorded, and the approval itself lives in the audit trail.
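The two primitives above, an approval gate per action class and an audit entry that names the approver, fit together in a few dozen lines. The following is an added example written for this page, not the vendor's code: the action classes, thresholds and approver roles in POLICY are constructed, and the hash chain in AuditLog is my assumption of how an "immutable" trail can be checked for tampering (the page says the trail is immutable and Postgres-backed, not how that is enforced).

```python
import hashlib
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Per-action-class policy. Thresholds and roles are constructed for this
# example; the page only says gates are configurable per action class.
POLICY = {
    "refund.approve": {"auto_below": 100.00, "approver_role": "finance"},
    "customer.send": {"auto_below": None, "approver_role": "support_lead"},
    "record.update_regulated": {"auto_below": None, "approver_role": "compliance"},
}


@dataclass
class Action:
    name: str             # action class, e.g. "refund.approve"
    agent: str            # agent identity that initiated the action
    amount: float = 0.0   # monetary value where the class has one
    prompt: str = ""
    context: list = field(default_factory=list)    # retrieved policy clauses
    tool_call: dict = field(default_factory=dict)


def decide(action: Action, human_approver: Optional[str] = None) -> dict:
    """Apply the gate for the action's class.

    Below the class threshold the action auto-approves at tier 1. Otherwise it
    needs a named human and stays 'pending' until one is supplied. An action
    class with no policy is refused rather than let through (fail closed).
    """
    rule = POLICY.get(action.name)
    if rule is None:
        raise ValueError(f"no approval policy for action class {action.name!r}")
    limit = rule["auto_below"]
    if limit is not None and action.amount < limit:
        return {"status": "approved", "approved_by": f"auto-tier-1 (value < ${limit:.0f})"}
    if human_approver:
        return {"status": "approved", "approved_by": human_approver}
    return {"status": "pending", "approved_by": None, "needs_role": rule["approver_role"]}


class AuditLog:
    """Append-only log where each entry commits to the hash of the previous one.

    The chain is an assumption for this example; it gives a cheap check that no
    recorded entry was edited or removed after the fact.
    """

    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.entries: list = []

    @staticmethod
    def _digest(body: dict) -> str:
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, action: Action, decision: dict, output: str) -> dict:
        body = {
            "seq": len(self.entries) + 1,
            "ts": datetime.now(timezone.utc).isoformat(),
            "agent": action.agent,
            "action": action.name,
            "amount": action.amount,
            "prompt": action.prompt,
            "context": action.context,
            "tool_call": action.tool_call,
            "output": output,
            "status": decision["status"],
            "approved_by": decision["approved_by"],
            "needs_role": decision.get("needs_role"),
            "prev": self.entries[-1]["hash"] if self.entries else self.GENESIS,
        }
        entry = {**body, "hash": self._digest(body)}
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """Recompute every hash and link; False if any entry was altered or dropped."""
        prev = self.GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if body["prev"] != prev or self._digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True


def record(log: AuditLog, action: Action, output: str,
           human_approver: Optional[str] = None) -> dict:
    """Gate first, then audit. Pending actions are logged too, so the trail
    also shows what was held for review and which role must clear it."""
    return log.append(action, decide(action, human_approver), output)
```

Held actions are written to the log before a human touches them, so a later approval is a second entry that links back to the first rather than an edit of it; that is what lets the trail answer "who approved this, and when" without trusting the application that wrote it.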

PII

Redacted before the model sees it.

A pre-processor detects PII — names, emails, phone numbers, SSNs, payment cards, IP addresses, medical-license IDs — plus API keys and other secrets, and redacts them before the prompt leaves your tenant. Inbound prompts are screened for injection attempts, and an LLM judge triages ambiguous cases.
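What such a pre-processor does for the pattern-shaped items in that list, as an added example that is not the vendor's code: the detectors, the placeholder scheme and the sample prompt are constructed here. Names and medical-license IDs need a dictionary or NER pass and are deliberately not covered, and the injection screen is a separate step not shown. The Luhn check is what keeps a 13-digit ticket number from being redacted as a card.

```python
import re
from typing import Dict, List, Tuple


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; separates real card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


# (kind, pattern). Order matters: secrets and emails first, then long digit
# runs, then the shorter numeric shapes, so one detector does not bite a
# fragment of a value another detector owns. Patterns are illustrative, not
# exhaustive.
PATTERNS: List[Tuple[str, re.Pattern]] = [
    ("API_KEY", re.compile(r"\b(?:sk-[A-Za-z0-9_-]{20,}|AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36})")),
    ("EMAIL",   re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")),
    ("CARD",    re.compile(r"\b\d(?:[ -]?\d){12,18}\b")),
    ("SSN",     re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("IPV4",    re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("PHONE",   re.compile(r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]\d{3}[ .-]\d{4}(?!\d)")),
]


def redact(text: str) -> Tuple[str, Dict[str, str]]:
    """Replace detected PII and secrets with stable placeholders.

    Returns (redacted_text, mapping placeholder -> original). The mapping
    never leaves the tenant; only redacted_text goes to the model. The same
    raw value always gets the same placeholder so the model can still refer
    to "[EMAIL_1]" consistently across the prompt.
    """
    mapping: Dict[str, str] = {}
    counters: Dict[str, int] = {}
    seen: Dict[Tuple[str, str], str] = {}

    def placeholder(kind: str, raw: str) -> str:
        key = (kind, raw)
        if key not in seen:
            counters[kind] = counters.get(kind, 0) + 1
            seen[key] = f"[{kind}_{counters[kind]}]"
            mapping[seen[key]] = raw
        return seen[key]

    for kind, rx in PATTERNS:
        def sub(m: re.Match, kind: str = kind) -> str:
            raw = m.group(0)
            # A digit run that fails Luhn is an order/ticket number, not a card.
            if kind == "CARD" and not luhn_ok(re.sub(r"\D", "", raw)):
                return raw
            return placeholder(kind, raw)
        text = rx.sub(sub, text)
    return text, mapping


def rehydrate(text: str, mapping: Dict[str, str]) -> str:
    """Put originals back into model output, inside the tenant, if the
    downstream action (an email send, a refund) needs the real values."""
    for ph, raw in mapping.items():
        text = text.replace(ph, raw)
    return text


# Constructed sample prompt; every value in it is fake.
SAMPLE = (
    "Refund Jane's last order. Contact: jane.doe@example.com, (415) 555-0134. "
    "Card on file 4111 1111 1111 1111, SSN 123-45-6789, last login from 203.0.113.42. "
    "Use sk-abcdefghijklmnopqrstuvwxyz0123 for the lookup; ticket 1234567890123 is unrelated."
)

if __name__ == "__main__":
    redacted, table = redact(SAMPLE)
    print(redacted)
    print(table)
```

Run on SAMPLE, the redacted prompt keeps "Jane" (a name, not caught by regex) and the ticket number, and replaces the six other values with typed placeholders. The mapping is the sensitive artifact here: it should live in the tenant's own store with the same access controls as the original data, since anyone who holds it can undo the redaction.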

ISOLATION

Your data, your keys, your tenant.

Bring your own model keys (BYOK) — calls run on your own provider account. Every tenant's data, memory, and keys are walled off from every other, with cross-tenant access blocked at the gateway. We don't use your data to train models, period. Self-hosting in your own VPC is on our roadmap.

Inside the audit trail

Every action, every decision, replayable.

When your CFO asks "why did the agent approve this refund?" — open the action. See the prompt, the retrieved policy clauses, the tool call, the approving human (if any), and the output. Reconstruct the full reasoning. No black boxes.

audit · action #84792
// Refund approved · Sol · 2026-05-14 14:22:08 UTC

action refund.approve
amount $87.40
customer c_8f3a — Acme Co.
policy refund_policy.md §3.2
decision within-policy
model claude-3.5-sonnet (Power)
approved_by auto-tier-1 (value < $100)
audit_id a_84792
recorded Postgres ✓

For security teams

Documents you'll want.

Bring us your security questionnaire.

Most teams send a 200-line questionnaire, and our docs already answer most of it. Send the rest to us; same-week turnaround.