Security and accountability, engineered in.
A government AI product has to be trustworthy before it is useful. These controls are part of the platform, not a later add-on — and we are explicit about what is and is not yet independently verified.
Isolation
Multi-tenant and department isolation enforced in the data layer (tenant filter on every query) and re-checked on each returned row. The tenant identity comes from the authenticated token, never a request parameter.
Access control
Fixed RBAC roles; session idle + absolute timeouts; admin re-authentication for sensitive operations; login lockout; token revocation on logout. MFA-ready schema.
Data protection
scrypt password hashing, HMAC bearer tokens, AES-256-GCM field encryption, PII/SSN detection & redaction on intake, and parameterized queries throughout.
Model governance
Allow-listed models, circuit-breaker, timeouts, bounded retries, content-filter handling, no training on customer data by default, and per-agency daily/monthly spend caps — fail-closed to human escalation.
Auditability
Append-only audit of user, admin, and agent actions, tenant-scoped and exportable; physical immutability (WORM) is a deployment concern.
Supply chain
Zero third-party runtime dependencies in the core (Node.js built-ins), which reduces the runtime attack surface for a government product.
Isolation you can see
Every tenant, cleanly separated.
Each agency tenant's data, users, knowledge, and spend are isolated in the data layer and re-checked on every row — with per-agency model-spend caps that fail closed to a person.
Procurement-ready evaluation
Review the security model with your team.
A guided demonstration or a seeded evaluation environment — honest capability, clear limitations, no unsupported claims.