Orchestra
Security & compliance

Everything your security review asks for. In enough detail to actually verify.

Most teams in regulated work either build a governance layer like this themselves or go without. We built it, hardened it, and brought it to market, and we run it for you. This page lays out the primitives in enough detail that your security engineer can verify the design, not just trust the marketing.

The guarantees

End-to-end encrypted

Commands and output are sealed between you and each agent with modern, audited encryption, no custom cryptography. The infrastructure we run only ever handles opaque ciphertext; it cannot read the work being done.

Hardware-key access

Operator access requires a physical security key. There are no shared logins and no password to phish, and a lost device on its own is never enough to get in.

Hash-chained audit

Every action is written to a signed, tamper-evident chain. Altering a past entry breaks the chain visibly, and the full trail exports as signed records for your SIEM and your auditors.

Hard tenant isolation

Each client lives in its own separately-encrypted boundary. Cross-tenant access isn't a setting that can be misconfigured, it's cryptographically impossible by construction.

Human-gated actions

Sensitive and destructive operations stop and wait for a person. No prompt, no model output, and no injected instruction can talk its way past an approval gate.

Runs in your boundary

On the Firm tier the platform is deployed inside your own environment, taking us out of the data path entirely and placing it within your existing certification scope.

We share the full architecture, primitives, and threat model with your security team under NDA, as part of a paired review, not on a public page a competitor can read.

What we defend against

Infrastructure compromise

An attacker who fully owns the infrastructure we run sees encrypted traffic and metadata only. The work itself stays sealed between you and your agents, and the signed audit chain makes any tampering visible.

Lost device or stolen key

A stolen laptop or security key on its own gets an attacker nowhere. Access is revoked centrally within seconds, and local data stays sealed without a live, authenticated session.

Compromised managed server

Each agent runs a deliberately narrow surface: it executes only authorised, signed instructions and refuses everything else. Anything that looks like tampering takes the agent out of service automatically.

Prompt injection

Output from your systems is treated strictly as data, never as instructions the model is allowed to follow. Destructive actions always require a human approval the model cannot bypass.

Supply-chain tampering

Software updates are cryptographically verified before anything runs. An unsigned or altered build simply won't start.

Misuse from inside an account

Roles, isolation, and the tamper-evident log mean operators only reach what they're entitled to, and every action they take is on the record.

The compliance package

Every engagement ships with a compliance package: your controls mapped to your framework, HIPAA, SOC 2, ISO 27001, a shared-responsibility matrix, and audit evidence drawn straight from the hash-chained log. Getting through your review stops being the blocker and becomes the easy part.

  • Control mappings to your framework

    We map each platform control to the clauses you actually report against, HIPAA §164.312, SOC 2 CC-series, ISO 27001 Annex A, and hand your compliance team the matrix, not a PDF of promises.

  • Audit evidence on demand

    Every state transition exports as signed, hash-chained JSON; partial tampering is visible. It drops straight into your SIEM and answers an auditor's evidence request without a fire drill.

  • Inside your own boundary

    On the Firm tier Orchestra is deployed into your environment, removing us from the data path entirely. It sits inside your existing certification scope rather than asking you to trust ours.

  • GDPR-ready data handling

    Processing stays on your operator hardware and the agents you control; the relay only ever sees metadata. Per-tenant export and deletion are first-class, and a standard EU DPA is signed on request, with EU-only residency on the Firm tier.

  • HIPAA / PHIPA readiness

    Healthcare mode ships the §164.312 technical safeguards, refuses unsafe PHI egress, and generates the shared-responsibility matrix and implementation guide your compliance team needs.

HIPAA & PHIPA readiness →

Put it in front of your security team.

We'll do a paired review under NDA. Bring your hardest questions and your framework, and we'll walk your team through the full design, primitives, threat model, and where each defense lives.

Security & compliance, Enterprise Orchestra