Working draft. This page contains commitments pending final verification against our stack. Remove this banner before publishing.

Trust & Security

Confidential by architecture.
Not by promise.

You're bound by a duty of confidentiality. So the systems you run on can't just be secure in a brochure — they have to be secure in their structure. We build so that you own the data, a human owns the judgment, and nothing load-bearing happens in a black box.

How we keep your work confidential

You own everything

Code, data, infrastructure, and IP transfer to you in full. No rented platform you can't leave, no asset you don't control.

Confidential by design

We build on infrastructure you own and keep load-bearing decisions human. Confidentiality is a property of the architecture, not a promise bolted on after.

Accountable, not automated-away

Agents do the labor; a human architect owns every decision that has to be defensible. In regulated work, that isn't optional — it's the requirement.

Ownership

The system is an asset on your balance sheet — not a subscription on your card.

The single most important security property of our work is that it's yours. Rented tools you can't leave and data you don't control are a liability for a firm built on confidence and confidentiality.

  • Full transfer of code, content, and IP at handover.
  • Your data lives in infrastructure you own and can audit.
  • Export anything, anytime — no proprietary lock-in.
  • When an engagement ends, you keep the whole running system.

How we operate

Security practices we build to.

The standard we hold ourselves to on every build. Items marked to confirm are commitments we finalise in writing per engagement.

Data ownership & portability

Your code, content, and data are yours and exportable at any time. Engagements end with a full handover — no lock-in, no hostage data.

Owned infrastructure

We build on infrastructure under your control (Cloudflare and your own accounts) rather than multi-tenant SaaS you can't audit or leave.

Encryption in transit

Everything we ship is served over TLS/HTTPS by default. At-rest encryption is provided by the storage layer; specifics confirmed per engagement.

Confirmed per engagement

Human-in-the-loop review

Autonomous agents execute; a human reviews and owns anything that carries legal, ethical, or reputational weight before it ships.

Model-provider handling

We design engagements so your confidential material isn't used to train third-party models, favouring zero-retention and enterprise data terms.

Confirmed per engagement

Least-privilege access

Access to your systems is scoped to what the work requires, time-bound, and revoked at handover. Secrets are never committed to code.

Confirmed per engagement

For procurement & risk teams

Doing diligence? Ask us directly.

We're glad to put specifics in writing: data residency, model-provider data terms, retention windows, subprocessors, access controls, and a signed NDA or DPA where required. A trust page should start a conversation, not end one.

Request our security details

Built for regulated work

Defensible by design. Owned by you.

If you build on confidence, the system underneath you should hold up to scrutiny. That's the only kind we ship.

Confidentiality, ownership, and accountability — engineered in from the first decision.