Security and Controls
Control-first design for enterprise document workflows
The platform is built to keep retrieval, decisions, and workflow activity tied to approved documents, scoped access, and visible operational records.
🔒
Role-aware access
JWT and API-key based access models support tenant isolation and role-aware product usage.
🛡
Governed retrieval
Department and sensitivity controls can filter what evidence is eligible for retrieval and answer generation.
🔑
Version-aware answers
Indexes and documents are versioned so responses can stay tied to the intended knowledge snapshot.
Control features in the product
- Document metadata for tenant, department, sensitivity, operator, and retention
- Audit history for ingestion and task events
- Request IDs and operational logging
- Rate limiting and bounded prompt budgets
- Optional encryption support for stored index artifacts
Operational review tools
- Usage analytics for query, latency, quality, and version adoption
- Evaluation workflows for testing document-grounded behavior
- Human review checkpoints inside approval and agent-task flows
- Upload session tracking for managed ingest and index build workflows
We only describe controls that are already supported in the current product or rollout workflow.
Designed for governed rollout
- Start with one controlled workflow and one approved document corpus
- Measure grounding, usage, and review quality before expansion
- Keep document versions and operational events visible to reviewers
What we discuss during deployment
- Access model and tenant boundaries
- Document ownership and update process
- Retention and audit expectations
- Evaluation process before wider release