Your data stays yours. Every action auditable.
Honest compliance roadmap. Isolated tenants. Signed evidence bundles. No training on customer data.
Compliance status — current and planned.
An honest map of where we are. Reach out before a procurement review, not after.
| Standard | Status | Scope | Note |
|---|---|---|---|
| GDPR | Certified | All products | DPA and subprocessor list available |
| SOC 2 Type II | In-process | All products | Readiness assessment complete; audit Q4 2026 |
| HIPAA | In-process | MedTech / Pharma | BAA available, audit Q3 2026 |
| FDA 21 CFR Part 11 | In-process | Regulated life sciences | Audit trail and e-signature module design finalised |
| EU AI Act — high-risk | Design | Sanctions, MedTech | Risk management framework aligned |
| ISO/IEC 27001 | Roadmap | All products | Targeted 2027 |
Your data never trains our models.
Customer data is used only for your agents, your evaluations, your training runs. Isolated tenants by default. On-prem and VPC options for full data residency control.
Every organization runs in isolated infrastructure. No shared compute, no shared storage, no data leakage between tenants.
Every mutation carries actor, executor, policy, and trace ID. Signed evidence bundles per transaction. Full audit trail.
Xplore Cloud, VPC, or fully air-gapped on-premise. Choose the model that matches your regulatory requirements.
Your agents are tested against injection, leakage, and escalation attacks.
Fourteen adversarial probe types run against every benchmark case. Security testing is part of the evaluation chain, not an afterthought.
Prompt injection, indirect injection, and context manipulation probes. Scored as part of the safety evaluator chain.
PII exposure, credential leakage, and cross-tenant information flow detection. Automated scanning on every evaluation run.
Permission boundary testing, tool misuse detection, and unauthorized action attempts. Verified on every deployed agent.
Security evaluators run as live certifications in production. Drift in safety scores triggers immediate alerts.