Vigilant Entities was built on a single rule: when your AI advisor reads your deal flow, your founder names, your IBANs and your project codenames — none of that should ever leak to a public training set. Not now, not ever.
Every privileged action is hash-chained to the next. Modify, insert, or delete any past entry and the chain breaks — visibly, on this page.
Where every prompt actually goes.
The query enters our FastAPI cluster via TLS 1.3. We never log the body. The Sovereign-AI Redactor strips PII + your configured trade-secret codenames here, before anything else happens.
If you have connected your own AWS account and enabled Amazon Bedrock, every prompt + response runs entirely inside YOUR AWS region. Otherwise we route via the VE LLM Gateway to Anthropic / OpenAI / Gemini — all opted out of training by default.
Every LLM call records a routing receipt — provider, model, region, latency, and whether redactor fired. Auditors can prove every call in the last 90 days stayed inside your account, with one click.
At rest, in transit, in motion.
Built into every LLM call. On by default.
We don't trust that “the model will probably not remember.” We strip the secrets before they ever reach the model. Nine built-in PII patterns + unlimited tenant-defined trade-secret tokens are scrubbed from every outbound prompt.
One Mongo, many sovereign rooms.
Every Mongo query is wrapped by a single `with_tenant()` helper that scopes the filter to the caller's `tenant_id` server-side. Cross-tenant reads require system_admin role and are logged in the audit trail.
Roles (system_admin, holding_admin, incubator_admin, founder, investor, government, guest) gate every route via FastAPI dependencies. JWT tokens carry only `user_id` + signed claims — never PII.
Tenants who connect AWS get their own STS-assumed IAM role with external-id protection. Bedrock + KMS + S3 traffic for that tenant routes through their role only — we have no standing credentials.
Each tenant has their own `privacy_secrets` (codenames to redact) and `privacy_pattern_overrides` (PII patterns enabled/disabled). Their settings affect only their own outbound LLM calls.
Numbers your auditor can sign.
Every AI Council session records a per-persona log: provider, model, region, latency_ms, ok/fail. Shows 'all_bedrock=true' badge when every call stayed inside your AWS.
A single percentage showing what fraction of LLM calls ran inside your own AWS region. 30-day trend sparkline. Visible on the AWS Connection page hero.
Last 50 redaction events (counts only, never the raw text). Lets you prove the redactor fired, day after day, without ever exposing the masked PII to auditors.
Per-email + per-IP rate limiting. On by default, every tenant.
Every failed login is logged with a sliding window — both the target email and the source IP. Cross the threshold and the gate slams shut with HTTP 429 · Retry-After before any password compare runs (so attackers can't even use timing to confirm whether an email exists). Auto-unlocks after the window; admins can clear early.
5 failures in a 15-minute window on the same email triggers a 15-minute lockout. Defends against credential-stuffing on a known account. A successful login wipes the counter for that email.
10 failures from the same source IP in 15 min triggers the same 15-minute lockout. Defends against distributed scans across many emails. X-Forwarded-For is respected — works correctly behind ingress / WAF.
Every failed attempt is recorded in login_attempts with timestamp, IP and user-agent, auto-pruned after 30 days. Active lockouts appear on the admin Security dashboard, sortable, with one-click clear. Lockout events also flow into the immutable audit log.
The lockout check runs before the bcrypt password compare. Locked attackers get the same 429 response regardless of whether the email exists — no enumeration via timing side-channel, no CPU burned on bcrypt for known-bad traffic.
Real-time feed of currently-locked identifiers. We strip every byte that could identify the account or its operator before this leaves our cluster — you're looking at the silhouette of live traffic, nothing more.
Who could theoretically see what.
| Provider | Training use | Verdict | Notes |
|---|---|---|---|
| Amazon Bedrock (your AWS) | Never | gold | Prompts + responses never leave your region. |
| Anthropic Claude | Opted-out | ok | API traffic contractually never used for training. 30-day abuse retention. |
| OpenAI GPT | Opted-out | ok | API traffic opted out by default since Mar 2023. 30-day abuse retention. |
| Google Gemini | Opted-out | ok | Paid-tier traffic never used for training (Vertex AI policy). |
| VE LLM Gateway | Pass-through | ok | TLS-only routing. VE Gateway does not retain prompts. |
The frameworks your auditor will ask about — and how we map to them.
Full coverage matrix in SECURITY.md. Strict CSP, HSTS preload, anti-CSRF, brute-force lockouts, per-device JWT, hash-chained audit log.
Controls mapped clause-by-clause: A.5 policies, A.9 access control, A.10 cryptography, A.12 logging, A.13 network security, A.15 supplier risk, A.16 incident response.
Trust Service Criteria CC1, CC6, CC7, CC8, CC9 all addressed. Audit trail, change management, vendor risk register, incident response playbook in place.
AC (access), AU (audit), IA (identification), SC (system & comms), SI (system integrity) families. AU-9 tamper-evident logs verifiable live above.
Right to access + export (Art. 15/20) and right to erasure (Art. 17) available from your Profile page. Breach notification process documented for 72-hour window.
12+ character minimum, blocklist against known breaches, no forced rotation, MFA-like passwordless magic-links. NIST-aligned, not 1990s-aligned.
Note on certifications: Vigilant Entities is built on these standards and ships with the documented evidence package (SECURITY.md, THREAT_MODEL.md, RBAC_MATRIX.md, INCIDENT_RESPONSE.md, BACKUP_RUNBOOK.md, VENDOR_RISK.md, CycloneDX SBOM). Formal certification audits for ISO 27001 and SOC 2 Type II are scheduled with our compliance partner — request status from security@vigilantentities.com.
The questions auditors and CIOs actually ask us.
No. Every external provider we route to (Anthropic, OpenAI, Gemini) is on the API contract that explicitly opts traffic out of training. When you connect your own AWS account and enable Bedrock, prompts + responses never leave your AWS region at all — even we cannot see them.
Two places: (1) Application data in our managed MongoDB cluster (encrypted at rest via field-level + KMS) in the region you choose at sign-up; (2) Files + AI workloads in your own AWS S3 / Bedrock when you connect AWS, otherwise in our managed buckets. You can move to bring-your-own-cloud at any time from /dashboard/admin/aws.
A live KPI on your AWS Connection page: % of LLM calls in the last 30 days that ran inside your AWS region (Bedrock) versus the shared VE LLM Gateway fallback. Auditors love it. It is regenerated every time you load the page.
Add them to the Sovereign-AI Privacy Center. Every external LLM call passes through a regex redactor that replaces those tokens with [redacted-secret] before the prompt leaves the cluster. You can also disable individual built-in PII patterns if your workflow needs them intact.
No. Every Mongo query is scoped by `tenant_id` server-side via a single `with_tenant()` helper that all 80+ routes share. Cross-tenant reads require the system_admin role and are logged. White-label tenants run in fully isolated rooms.
Yes. Every failed login is logged with a sliding window — 5 failed attempts for the same email in 15 minutes triggers a 15-minute lockout, and 10 failed attempts from the same source IP triggers the same. Locked sessions get HTTP 429 with a Retry-After header (your client should respect it). The lockout check runs BEFORE bcrypt compare so an attacker hitting the limit never gets timing signal about whether the email exists. Admins see active lockouts on the Security dashboard and can clear them with one click. We do not use CAPTCHAs — this is a pure server-side mitigation.
TLS 1.3 between the user and our ingress. TLS 1.2+ between our cluster and every external LLM provider (HTTPS over boto3 + the VE LLM Gateway SDK). At rest: per-document Fernet (AES-256) for sensitive fields, with the master key in a KMS-managed envelope. When you paste a CMK ARN on the Admin → Field Encryption page, every new write is wrapped with your CMK from then on.
Login to your tenant, paste an IBAN into the Privacy Sandbox, and watch the redactor strip it before any prompt leaves the cluster. Then check your Sovereignty Score — and watch it climb as you migrate workloads to your own AWS.
Full-screen, push-ready, opens in one tap. No App Store needed.