TRUST · SECURITY · GOVERNANCE

Security is not a feature.

Our customers run AI systems against revenue, legal, and private capital data. This page documents how we build, deploy, and govern those systems — because it's the first thing any serious operator asks.

DATA RESIDENCY
Your tenant
TRAINING ON YOUR DATA
Never
AUDIT LOG
Per-user
HUMAN APPROVAL
Default
KILL SWITCH
Per-client + global
01

Data handling

RESIDENCY: Your cloud, your tenant. Systems deploy into your AWS, Azure, or GCP account by default.
TRAINING: Your data never trains a model. Inference only. Contracts prohibit upstream use.
ENCRYPTION: At rest + in transit. Customer-managed keys supported on request.
RETENTION: You set the clock. Default 30 days for model inputs; configurable to zero.
02

Access control

SSO: SAML + OIDC on day one. Okta, Entra, Google Workspace tested.
RBAC: Scoped by default. No user sees data their role shouldn't see — enforced before the model reads it.
AUDIT: Per-user log. Every prompt, every draft, every approval. Exportable.
SESSION: Configurable timeout. Idle lock, re-auth on sensitive actions.
03

AI governance

APPROVAL: Human in the loop on any customer-facing output. Configurable per workflow.
PROVENANCE: Sources, always. Every generated artifact links back to the documents that grounded it.
GUARDRAILS: Content + topic filters. Tuned per deployment — what the system may and may not discuss.
OVERRIDE: One-click kill. Admins can disable any workflow without a redeploy.
04

Operations

UPTIME: 99.9% target on retainers. Status page per deployment.
MONITORING: End-to-end traces. Classification accuracy, draft quality, SLA drift — all dashboarded.
INCIDENT: 4-hour response for Sev-1. Root-cause write-up within 72 hours.
DISCLOSURE: Coordinated. Security findings reported under a published policy.
COMPARED

What a DK1 build gives you that a SaaS AI doesn't.

CAPABILITY · DK1 BUILD · SAAS AI · IN-HOUSE
Deploys inside your tenant
No training on your data
Per-user audit log
Workflow-specific tuning
Ships in weeks, not quarters
Operated by the builder
COMPLIANCE · OUTCOME COMMITMENTS

What we are honest about.

SOC 2

DK1.AI is not currently SOC 2 certified.

We operate under SOC-2-aligned controls:

  • Access management and least-privilege IAM
  • Immutable audit logging of every action
  • Encryption at rest and in transit
  • Policy versioning with approval trails
  • Kill switch controls available to customer admins

We will pursue SOC 2 Type II attestation as we onboard customers whose procurement requires it.

OUTCOMES

We do not guarantee revenue outcomes.

DK1.AI does not guarantee revenue lift, deal velocity, close rate, or specific business outcomes. We commit to what we ship:

  • Working agents that run in your tenant
  • Immutable audit logs of every action
  • Human approval gates on every customer-facing output
  • Measurable operational metrics — first-response SLA, meeting-booked rate, pipeline coverage, review-cycle health

Outcomes depend on your team, your market, and your offer. Any vendor promising guaranteed revenue lift on an AI deployment is selling you something other than software.

Need our full security packet?

Evidence docs, sample DPA, penetration-test summary, subprocessor list. Sent under NDA on request.
