Security & compliance

This page describes our designed-for security posture: controls and practices we design toward and enforce as the system scales. It is intentionally high level and avoids over-claiming deployed capacity or current certifications.

Physical security (facility)

• Controlled access zones (layered boundaries, least-privilege access by role).
• Access logging for critical zones and operational areas (timestamped entry/exit events as a designed-for control).
• Monitoring coverage for facility entry points and customer boundary areas (designed-for coverage checks at commissioning).
• Visitor + contractor workflows with escort policies and clear ownership (designed-for sign-in/out and access approval posture).

Logical security (systems)

• Tenant separation aligned to dedicated suites vs shared environments.
• Least privilege for operator access; privileged access is logged and reviewed.
• Audit trails for critical operational actions and access changes.

Data handling principles

• Customer environments are separated by design; access is explicit and logged.
• Retention and access policies are defined per customer requirements and contract boundaries.

Compliance (targets, not claims)

When customers require specific compliance, we align on targets and define validation milestones during commissioning and operations (e.g., evidence collection, audit readiness, access control workflows).

What we validate before admitting customer workloads

• Access control workflows function end-to-end (including logging).
• Monitoring/alerting for critical areas is live and actionable.
• Tenant boundary assumptions are tested (physical + operational).

What we will not do

• We will not claim certifications we do not yet have.
• We will state targets, design controls, and validation milestones so customers can evaluate risk with real artifacts.