Built for Enterprise Trust
We understand the security, compliance, and governance requirements of large enterprises. Here's how we meet them.
Controls aligned to ISO 27001; evidence available under NDA
SOC 2 Type II-aligned controls; evidence available under NDA
DPA available, data residency controls in place
10+ FS engagements under FCA oversight
How We Protect Your Interests
Five pillars of enterprise-grade trust and governance.
Data Handling
Your data never leaves your environment without explicit approval.
- We work within your cloud tenancy—no data egress to our systems
- Sample data only used for PoC; production data stays in production
- Schema-level analysis preferred over raw data inspection
- All data access is role-based and audited
- Data deletion upon engagement completion (or as agreed)
LLM Boundaries
Clear controls on what AI sees and does.
- Schema metadata (column names, types) always sent; sample values (≤5 rows) only with explicit opt-in
- Full dataset contents and raw files are never sent to LLM APIs
- PII detection and masking before any LLM processing
- Customer choice of LLM provider (Azure OpenAI, AWS Bedrock, or on-prem)
- All LLM interactions logged and auditable
- Human-in-the-loop for any production changes
Security Controls
Enterprise-grade security for every engagement.
- SOC 2 Type II-aligned controls and practices
- All engineers background-checked and trained
- Encrypted communications (TLS 1.3+)
- MFA required for all client system access
- Regular security awareness training
- Incident response process documented and tested
Delivery Governance
Structured delivery with clear accountability.
- Weekly status reporting with burn-down tracking
- Change control process for scope adjustments
- Definition of Done agreed upfront for all deliverables
- Risk register maintained and reviewed weekly
- Escalation paths defined at kickoff
- Knowledge transfer and documentation as standard
Legal & Compliance
Flexible legal framework for enterprise requirements.
- Standard MSA + SOW structure (or work within yours)
- NDA signed before any detailed discovery
- GDPR-ready DPA available
- Professional indemnity insurance (£2M+)
- IP assignment clauses per engagement
- Reference available under NDA
What You Can Expect
Non-negotiable standards we apply to every engagement.
Full Transparency
Weekly reports, open access to all deliverables, no surprises. You see everything we do.
No Lock-In
All code and documentation is yours. Full handover and knowledge transfer at engagement end.
Your Environment
We work in your cloud, your tools, your processes. No external data transfer required.
Common Questions
Questions we frequently receive from enterprise security teams.
Do you need access to our production data?
No. We can work with sample data, synthetic data, or schema-only analysis for most use cases. Production data access is only needed during implementation, and always within your environment.
Where does data go when using your AI accelerators?
Our accelerators send schema metadata (column names, data types) to LLMs. Sample values (up to 5 rows) are only included when you explicitly opt in. Full datasets are never sent. You can choose your LLM provider (Azure OpenAI, AWS Bedrock) or we can work with on-premises models.
Can you work within our procurement process?
Yes. We have experience with enterprise procurement, including security questionnaires, vendor risk assessments, and working with your standard legal terms.
What about regulatory requirements (FCA, GDPR, etc.)?
We have deep experience with regulated industries. Our delivery approach includes compliance checkpoints, and we can work with your legal and compliance teams throughout.
How do you handle IP ownership?
All custom work product is owned by you. We retain no rights to your data, code, or deliverables. Standard accelerator templates are licensed for your use.
Ready to Discuss Your Requirements?
Book a call with our team to discuss your security, compliance, and governance needs.