Security & Trust

Expertise isn't safe
unless your data is.

Every conversation, every document, every refinement on Apex Replicant flows through architecture built for hard isolation. Database-level row security. Per-client per-session scoping. PII detection on every ingest. Audit trail across every approval and configuration change. SOC 2 Type II readiness controls in place; full attestation in audit.

Request the security packetSee the compliance roadmap
Built into the platform from day one

Architecture controls.

  1. Row-Level Security (RLS)

    Database-level data isolation. Every read and write is gated by RLS policies that check the actor against the row's tenant. Multi-tenant safety isn't a service-layer afterthought, it's enforced at the database.

  2. 4D Knowledge Scoping

    Every Codex retrieval is scoped along four axes: expert, protege, client, session. One client's documents can never surface in another client's conversation. The same pattern isolates Sentinel knowledge across organizations and Author Protégé content across audiences.

  3. PII Detection & Removal

    All ingested content (documents, transcripts, session audio) runs through a PII detection pipeline before storage. Identifiable elements are stripped from the indexed embeddings; the original file is preserved at the file layer for expert review.

  4. Audit Trail

    Complete audit logging across every approval, configuration change, refinement instruction, and admin action. Exportable for compliance review on Enterprise tiers.

  5. API Gateway with Auth Enforcement

    Centralized request routing, authentication enforcement, click-tracking redirect handling. No service-to-service call bypasses the gateway's auth layer.

What we claim today

Compliance posture.

SOC 2 Type II readiness — In audit. Infrastructure controls and audit logging are built for SOC 2 Type II certification. Full attestation expected Q3 2026. Sentinel Enterprise tier customers get the audit-trail exports and underlying readiness controls today; the formal attestation drops alongside the audit completion.

GDPR-aligned data practices. Cookie consent on every public surface, one-click unsubscribe (RFC 8058 compliant) in every email, user-controlled data export and deletion.

Stripe Connect for payments. Stripe handles identity verification, payment processing, and tax form generation (1099-K). Apex Replicant never stores card data.

PII handling at ingest. Personal identifiers are detected and stripped before storage.

What we do not claim today: SOC 2 Type II certification. HIPAA. ISO 27001. PCI DSS direct. Anyone telling you they are "fully SOC 2 compliant" before the audit is wrong; we will tell you the truth and ship the attestation when the auditor signs.

Three customer types, three isolation patterns

Data isolation in practice.

  1. Consultant Digital Protégé

    Your KB is yours. Your clients' Codex documents are scoped per-client per-session. Sessions never cross clients. Other experts on the platform can't read or train on your KB.

  2. Sentinel B2B deployments

    Your Sentinel-branded protege is isolated to your organization. Employee accounts within the organization see only what you've made visible to their role. Audit-trail exports give your compliance team line-by-line visibility into who saw what when.

  3. Author Protégé deployments

    Your body of work is yours. Reader conversations stay with the reader; nothing a reader uploads via Codex (with their consent) becomes part of your KB unless you explicitly approve it.

The systems behind the controls

Infrastructure overview.

20+ microservices on Google Cloud Run, independently deployable, scoped to specific concerns (billing, sessions, experts, knowledge base, leads, rules, etc.).

Multi-model AI stack: Vertex AI (Gemini 2.5 Flash + Pro), Anthropic Claude (Sonnet + Opus + Haiku), OpenAI (GPT + embeddings). Selected per task for cost and quality fit; no single AI vendor lock-in.

Centralized secret management via Google Secret Manager with IAM scoping.

Full observability via Google Cloud Logging and Monitoring across the entire service mesh.

34 patent claims filed with the USPTO, plus one pending. The platform itself is novel IP.

Full architecture deep-dive: /platform.

What's next

Compliance roadmap.

  1. Q2 2026

    SOC 2 Type II audit underway

    Audit-trail exports available to Enterprise customers today.

  2. Q3 2026

    SOC 2 Type II attestation expected

    Formal attestation drops alongside auditor sign-off.

  3. Q4 2026

    HIPAA-aligned controls evaluated

    For healthcare-vertical Sentinel deployments. BAA on case-by-case basis.

  4. 2027

    ISO 27001 + custom data residency

    International Enterprise tier; data residency options for EU and APAC.

Responsible disclosure

Reporting a vulnerability.

Found something? Email security@expertscale.ai with the details. We respond to every report. We do not sue researchers acting in good faith. Standard responsible-disclosure window applies before public disclosure.

FAQ

Common questions.

Where is data stored?
On Google Cloud Platform in the United States. Custom data residency is available for Enterprise customers on the Sentinel product line; contact security@expertscale.ai.
Do you train models on customer data?
No. We use foundation models from Vertex AI, Anthropic, and OpenAI under enterprise terms that prohibit training on our customer data. The expert-specific protege learning happens via prompt + retrieval-augmented generation, not by fine-tuning a shared model.
Can I delete my data?
Yes. Experts can export and delete their KB; clients can delete their Codex documents; Sentinel customers can request full organization-level export and deletion. Audit trail of the deletion is preserved per compliance requirements.
What's the data-retention policy?
Sessions and KB content are retained for the lifetime of the active account. Codex client documents soft-delete after 90 days of inactivity (with an email warning to the client). Deleted-account purge runs within 30 days of account closure.
Are conversations encrypted?
In transit, yes: TLS for every API call. At rest, every database column and storage object is encrypted by Google Cloud's encryption at rest. Application-layer encryption for sensitive fields where applicable.
Can I sign a BAA or DPA?
DPA: yes, available to all paying customers. BAA: case-by-case for healthcare-vertical Sentinel deployments. Contact security@expertscale.ai for evaluation.
Due diligence?

Request
the security packet.

Architecture overview, compliance posture, vendor risk profile, sub-processor list, incident-response runbook. Sent within one business day to enterprise prospects.

Request the security packetRead the architecture deep-dive