Security & trust

Your data stays on US infrastructure. Your name stays off our site.

We handle the documents your business runs on, so trust is the product. Here is exactly what we touch, what we don't, how a human stays in the loop, and an honest account of where our formal certifications stand. Written for owners and the sponsors who back them.

US
infrastructure for storage and processing
HITL
human-in-the-loop on anything uncertain
Scoped
access limited to the engaged workflow
Discreet
references on request, not logos on a wall
01Data handling & infrastructure

Least access, US-based,
and scoped to the job.

We take the minimum we need to do the work, and no more. Access is scoped to the specific workflow you engage us for — the order channel, the document type, the master-data fields required to structure an order correctly. We don't crawl the rest of your system.

Storage and processing stay on US infrastructure. For data-sensitive clients we can run the orchestration layer self-hosted (n8n) so documents never leave an environment you control, and we use enterprise model tiers (AWS Bedrock, Azure) for an enterprise security posture rather than consumer endpoints.

Foundation-model providers on those enterprise tiers do not use your content to train their models — and neither do we. Your documents are used to deliver your engagement. That's it.

Data principles
  • Least privilege — access scoped to the engaged workflow only.
  • US infrastructure — storage and processing stay in the US.
  • Self-host option — orchestration can run inside your environment.
  • No training on your data — enterprise tiers exclude it by terms.
  • Clean exit — your data and SOPs stay with you if we part ways.
02What we do & don't touch

The boundary, written down.

We do

  • Read the documents you send us — Inbound orders and back-office documents — email, PDF, fax — read into structured fields.
  • Use only the master data the workflow needs — Item, customer, and pricing records required to structure an order correctly — nothing beyond scope.
  • Write to your ERP through approved channels — Structured, reviewed orders post to your system of record the way you sign off on — never a side door.
  • Instrument the result — A before/after harness measures the metrics in the signed baseline, and nothing else.

We don't

  • Auto-propagate dirty data — Low-confidence output routes to a person. Nothing uncertain writes itself into your system of record.
  • Rip-and-replace your ERP — We adapt to P21, Eclipse, NetSuite, your AMS — we do not migrate or replace your core system.
  • Train public models on your data — We use enterprise API tiers (e.g., AWS Bedrock, Azure) whose terms exclude using your content to train foundation models.
  • Sell, share, or resell your data — Your data is used to deliver your engagement. It is not a product, an audience, or a training set.
  • Put your name on our site — No logo, no case study, no mention without your written sign-off. Discretion is the default.
  • Touch anything outside the scope — No payroll, no HR, no systems outside the workflow we were engaged to automate.
03 · Human-in-the-loop

Nothing dirty
auto-propagates.

Every automated action carries a confidence score. We set the thresholds with your team: above the line, an order flows; below it, a person reviews it with the source document attached. Thresholds start conservative and tighten only as measured accuracy earns it.

It means an uncertain order never writes itself into your system of record — and your people stay the final check on the documents that move your money.

The control, in one breath

"A confidence score on every action, a threshold you control, and a human on anything that isn't sure. No black box."

The same design is the guardrail on our guarantee: a payout is never triggered by a system that actually worked.

04Discretion

Discretion is a feature,
not an afterthought.

We work with owner-operated businesses, many of them family-run, on changes they'd rather their competitors not hear about. So your name stays off our site — no logo, no case study, no mention — unless you put it there in writing.

When we need to show credibility, we offer references on request and our own attributed benchmarks, not borrowed logos. We'd rather under-claim than parade a relationship you didn't agree to make public. That's the same standard a sponsor expects of a diligence-grade partner.

For sponsors specifically

Operating partners and value-creation teams get the data-governance answers they need for portfolio rollout: scoped access per portco, US infrastructure, enterprise model tiers, human-in-the-loop controls, and a documented exit. We behave like a partner you can put in front of a portco CFO.

See the PE playbook →
05Certifications — an honest note
[PLACEHOLDER]

Formal certifications are in progress.

We will not claim a certification we don't hold. As a pre-launch boutique, our formal attestations — e.g., a SOC 2 examination [PLACEHOLDER] — are in progress, not complete. What is true today: US infrastructure, least-privilege scoped access, enterprise model tiers that exclude training on your data, human-in-the-loop controls, and a written engagement boundary. If a certification is a precondition for you, tell us — we'll be straight about timing rather than paper over it.

This page describes our design and operating commitments. Specific contractual terms are set per engagement; ask and we'll share them.

Ask us the hard questions.

Security, data handling, certifications, references — bring the checklist. We'd rather answer it now than dodge it later.

Book a 20-min callSee how we work