Security & Compliance
Enterprise isolation, by design.
Every on-prem customer runs an isolated stack with mTLS device certs, encrypted credential bundles, and a tamper-evident audit log. Central infrastructure handles licensing only.
Isolation model
What you get on day one
These controls are already implemented and shipping in the current release.
One customer per stack
On-prem deployments run a dedicated proxy plus GPU pool per customer. No shared compute, no shared session state. Provisioned with Terraform and Ansible.
mTLS device certificates
Every GPU worker authenticates with a unique device certificate signed by an internal certificate authority. License registration, worker heartbeat, and session attestation all run over mutual TLS.
Encrypted credential bundles
Each GPU receives a GPG-encrypted bundle containing its device key, decrypted only at boot into a tmpfs-backed runtime secrets directory.
Tamper-evident audit log
Every administrative mutation, worker registration, and session-attestation event is written to an immutable audit log table. Operators inspect it via the admin console.
Central licensing, fail-open attestation
Central infrastructure performs licensing only. Active sessions attest periodically to the central licensing API over mTLS; if attestation fails, the policy is fail-open with central termination available.
Compliance roadmap
What we have, what we are building, what comes next
Honest status per framework. We do not claim certifications we have not earned, and we publish target dates rather than aspirations.
- On-prem isolation (Live today)
Differentiator versus SaaS-only competitors and the foundation under every other framework on this list.
Already implemented: one-customer-per-stack, mTLS device certs, GPG-encrypted credential bundles, audit log, central attestation.
- GDPR (Posture publishable now)
Required for any deployment that processes EU personal data.
Publish DPA template and subprocessor list, sign SCCs for non-EU transfers, maintain an internal ROPA. Approximately two weeks.
- CCPA / CPRA (Posture publishable now)
California state privacy law — comes alongside the GDPR posture.
Privacy policy already covers the core requirements; add a documented Do-Not-Sell opt-out endpoint and a 45-day consumer-request response procedure.
- EU AI Act (In progress; obligations apply Aug 2026)
Required for any EU deployment of general-purpose AI.
Risk classification per Act criteria, transparency notice, model cards, training-data summary, risk-management file. Most AIvatar use cases are limited-risk; biometric or employment uses become high-risk.
- ISO 27001 (Target Q4 2026)
Procurement gate for most EU enterprise buyers.
Information security management system, statement of applicability, risk register; Stage 1 documentation and Stage 2 operational audits.
Need a security review before a pilot?
We will share architecture diagrams and the latest audit log schema, and answer your security team's questions on a call.