Security · trust architecture

Your data.
Your edges.
Your trace.

Single-tenant deployment, customer-owned encryption keys, zero model training on customer data, and an append-only log that is the audit by construction. The decision substrate is the firm's most sensitive asset. We treat it that way.

I · Compliance posture

Attestations,
declared and dated.

No vapor-claims. Each attestation listed with its current state and renewal cadence. Reports available under NDA.

SOC 2 · TYPE II IN AUDIT WINDOW
12-month observation window opened Q4 2025. Report due Q3 2026. Type I delivered to existing customers under NDA.
ISO 27001:2022 PLANNED · 2027
Annex A controls already mapped against internal policy. External certification engaged for H1 2027.
GDPR · UK GDPR DPA AVAILABLE
Standard DPA with SCCs for EEA/UK transfers, sub-processor flow-down, right-to-audit included. ROPA published to customers.
BCBS 239 · ALIGNED BY CONSTRUCTION
Risk data aggregation principles satisfied at the substrate layer: accuracy, completeness, integrity, timeliness — all native to the append-only log.
II · Tenant architecture

Single-tenant.
Always.

DEPLOYMENT Dedicated VPC per customer. No cross-tenant compute, no shared event store, no multi-tenant database row-level partitioning. The graph and the rule engine run on infrastructure provisioned for the firm only.
DATA RESIDENCY Customer-chosen cloud (AWS, GCP, or Azure) and region. EU, UK, US, APAC supported. Data does not leave the chosen region for any reason without an explicit, logged customer instruction.
KEYS · BYOK Customer-managed keys via AWS KMS, GCP KMS, or Azure Key Vault. We never see the master key. Key revocation is final: G-Nosis loses read access to the graph in under five minutes.
NO MODEL TRAINING We do not train models on customer data. Ever. Inference happens against vendor-foundation-model APIs with no-retention flags. Any model fine-tune is on synthetic or fully-anonymised data with explicit customer sign-off.
ENCRYPTION AES-256 at rest, TLS 1.3 in transit, per-event payload encryption for sensitive scopes. Backups encrypted with the same customer key. No plaintext touches durable storage.
III · Audit, by construction

G-Nosis is
the audit.

Every event in the system already carries the audit trail: transaction time, valid time, schema version, actor, source system, and the structured payload that validated the write. Nothing is ever rewritten. Nothing is ever deleted.

SOX 404, MiFID II §16, BCBS 239 risk data aggregation — the substrate already satisfies the requirements that other systems satisfy by bolting on a "logging layer". The append-only log is the logging layer.

Regulators can be granted a scoped, time-bounded, schema-versioned trace query without copying the data anywhere. Right-to-audit clauses are not theoretical.

SOX 404 MiFID II §16 BCBS 239 SR 11-7 (model risk)
IV · Operational

Discipline,
not theatre.

PEN TESTING

Quarterly external pen test by an independent CREST-certified firm. Critical findings remediated before disclosure. Executive summaries shared with customers under NDA.

SUPPLY CHAIN

SBOM-tracked dependencies. Provenance verification on every build. No unsigned packages reach production. Vulnerability triage SLA: 24h on severity 9+.

INCIDENT SLA

P1 acknowledgement under one hour, mitigation under four. Customer disclosure of confirmed security incidents within 72 hours. Post-mortems published to affected customers within ten working days.

ACCESS

SCIM provisioning, SAML 2.0 / OIDC SSO, hardware-key step-up for privileged operations. Internal access to customer environments is break-glass only, logged in the customer's own audit feed.

BACKUPS

Continuous to a hot replica in a second AZ. Daily encrypted snapshots to a cross-region cold store. Restore tested monthly. Restore SLO: 4h RPO, 1h RTO.

CONTRACTS

Standard MSA, DPA, and BAA available on request. Sub-processor list maintained and notified on change. Right-to-audit clauses included by default; we do not negotiate them out.

For CISOs · for COOs · for boards

The full
trust package,
on request.

SOC 2 Type I report, current penetration-test summary, DPA, sub-processor list, and a 90-minute architecture review with our head of platform. Available under mutual NDA within three working days of request.

Request Trust Package See the Schema