Your perimeter. Your controls. Your call.
// data residency by design
Your VPC, your data centre, or ours. Same product, same SLAs, same controls. One contract, three deployment shapes. Residency, sovereignty, and procurement stop being the reason pilots die.
AWS, Azure, or GCP. Deployed into your VPC, IAM, and KMS. PII stays in your account. Transcripts stay in your bucket. Your security team owns the boundary.
For lenders standardised on a hyperscaler →Fully self-contained. Air-gapped if needed. For tier-1 environments where regulators or sovereignty rules forbid public cloud. Ships as a container set, no outbound telemetry.
For tier-1 banks & sovereign data →We host. Same product, same controls, faster pilot. BYO-KMS at rest, dedicated tenant by default. For teams that want outcomes before infra reviews.
For fastest path to pilot →
Designed to clear infosec review without the back-and-forth. Honest posture: what's shipped, what's in progress, what's on request.
Scripts, disclosures, and contact rules enforced per call. Not retrofitted. Not advisory.
Mini-Miranda, third-party disclosure rules, contact frequency caps, consent capture for autodialed calls. Reg F 7-in-7 contact rule enforced at the orchestrator layer.
Arrears handling rules, treating customers fairly, vulnerability detection prompts surfaced in real time. SYSC 9 record-keeping baked into the audit log.
Art. 22 transparency on automated treatment paths. Art. 14 disclosure of processing. DPIA artifacts available. Data residency enforced by deployment topology.
Type I in progress. Type II planned for Q4 2026.
// audit firm engagedDPIA template and Art. 14 disclosure artifacts available on request.
// EU residency by deploymentRoadmap target H1 2027 alongside managed deployment GA.
// scoped to managed tenancyWe'll bring the architecture diagram and the security one-pager to the first call.