SECURITY & TRUST

Trust, control, and operational proof.

We make data, decisions, and approval flows measurable and auditable at the enterprise operating layer. Your company data belongs to you — not to us.

VERIFIED

How we protect your data

  • Data is stored encrypted at rest.
  • TLS is enforced for all data in transit.
  • Tenant isolation is enforced via Supabase Row Level Security policies.
  • Your company data is never used to train AI models.

VERIFIED

Who can see what

  • Knowledge access is restricted by role, department, authority level, confidentiality classification, and Visibility Rules.
  • Even administrators cannot fully view flows that fall outside their authorisation scope.
  • A five-layer confidentiality matrix governs field-level visibility across all operations.

VERIFIED

How operations requiring approval are paused

  • Financial thresholds are defined in configuration.
  • Critical operations never auto-proceed; they route to the appropriate person for Human Approval.
  • Operations awaiting approval are visible and traceable in the Restricted Action queue.

VERIFIED

How the Audit Trail works

  • All significant decisions and policy enforcements are written to an immutable audit log.
  • The log operates on an append-only model; historical records cannot be modified.
  • A DELETE=false RLS policy prevents audit records from being deleted.

VERIFIED

Multi-model orchestration

  • Model selection is managed within the platform according to task, quality, security, cost, and governance requirements.
  • There is no dependency on a single model provider.
  • Open-source LLMs are never used. All models are enterprise-grade with contractual data protection terms.

VERIFIED

Platform vs. company administrator

  • Platform management and tenant management are strictly separated.
  • Orygent platform administrators do not have default access to company data.
  • Break-glass access requires documented justification and is written to the Audit Trail.

VERIFIED

Data deletion and portability

  • Deletion requests are processed under GDPR Article 17.
  • Data portability is provided under GDPR Article 20.
  • Requests can be submitted to support@orygent.com.

VERIFIED

Trust Control Layer

  • A dedicated policy engine sits between every AI action and execution.
  • Five rule layers — role, department, authority, confidentiality, and channel — must all clear before any operation proceeds.
  • Any rule violation automatically triggers a RESTRICTED state and routes to the Human Approval queue.
  • The Trust Control Layer cannot be bypassed by any user, including platform administrators.