[SECURITY · SOVEREIGN AI · ZERO-LEAK ARCHITECTURE]

Your AI works for you.
Your data stays with you.

Vigilant Entities was built on a single rule: when your AI advisor reads your deal flow, your founder names, your IBANs and your project codenames — none of that should ever leak to a public training set. Not now, not ever.

Sovereign AI
Bedrock inside your AWS region
Encryption everywhere
TLS 1.3 ingress · field-level at rest
Auto-redaction
PII + trade-secret tokens stripped pre-send
Tenant isolation
Row-scoped Mongo · scoped IAM roles
Sovereignty Score
Provable per-call audit log
Brute-force shield
Per-email + per-IP rate limit on login
[AUDIT INTEGRITY · VERIFIED]

Tamper-evident log chain holds.

Every privileged action is hash-chained to the next. Modify, insert, or delete any past entry and the chain breaks — visibly, on this page.

8,793entriesverified just nowrefresh · 2 min
[01]

Sovereign AI

Where every prompt actually goes.

Privacy at a glance · last 30 daysrefreshes hourly
Redact
0
masked · 30d
Sovereign
0%
of 0 calls
BYOC
0
AWS · connected
Tenants
17
sovereign rooms
14-day redactions trend1 peak
2026-06-21today
STEP 1
Inside our cluster

The query enters our FastAPI cluster via TLS 1.3. We never log the body. The Sovereign-AI Redactor strips PII + your configured trade-secret codenames here, before anything else happens.

STEP 2
Routed by tenant choice

If you have connected your own AWS account and enabled Amazon Bedrock, every prompt + response runs entirely inside YOUR AWS region. Otherwise we route via the VE LLM Gateway to Anthropic / OpenAI / Gemini — all opted out of training by default.

STEP 3
Receipted forever

Every LLM call records a routing receipt — provider, model, region, latency, and whether redactor fired. Auditors can prove every call in the last 90 days stayed inside your account, with one click.

[02]

Encryption at every layer

At rest, in transit, in motion.

TLS 1.3 ingress
Kubernetes ingress, cluster-terminated. No HTTP downgrade allowed.
TLS 1.2+ outbound to LLMs
boto3 (Bedrock) + the VE LLM Gateway SDK both enforce HTTPS. We bind to provider hostnames, never IPs.
Field-level Fernet (AES-256)
Sensitive document fields (notes, financials, founder PII) are envelope-encrypted with per-document keys.
KMS / CMK wrapping
Paste your AWS KMS CMK ARN on the Field Encryption page. From then on, every new write is wrapped by your customer key.
Mongo Atlas at-rest
EBS-level AES-256 at the storage layer. Atlas KMS integration available on the Admin → Field Encryption page.
Backups
Daily mongodump compressed + encrypted to Atlas-managed buckets. Retention 30 days, encrypted in transit + at rest.
[03]

PII + Trade-secret redaction

Built into every LLM call. On by default.

We don't trust that “the model will probably not remember.” We strip the secrets before they ever reach the model. Nine built-in PII patterns + unlimited tenant-defined trade-secret tokens are scrubbed from every outbound prompt.

Email
Phone
URL
Social handle
Qatari ID
IBAN
US SSN
Credit card
Passport
Trade-secret tokens
Override-able. An admin can toggle a specific pattern OFF (e.g. URLs) when the workflow needs that data intact. Trade-secret tokens cannot be disabled.
[04]

Tenant isolation

One Mongo, many sovereign rooms.

Data plane

Every Mongo query is wrapped by a single `with_tenant()` helper that scopes the filter to the caller's `tenant_id` server-side. Cross-tenant reads require system_admin role and are logged in the audit trail.

Identity plane

Roles (system_admin, holding_admin, incubator_admin, founder, investor, government, guest) gate every route via FastAPI dependencies. JWT tokens carry only `user_id` + signed claims — never PII.

AWS plane (BYO cloud)

Tenants who connect AWS get their own STS-assumed IAM role with external-id protection. Bedrock + KMS + S3 traffic for that tenant routes through their role only — we have no standing credentials.

Privacy plane

Each tenant has their own `privacy_secrets` (codenames to redact) and `privacy_pattern_overrides` (PII patterns enabled/disabled). Their settings affect only their own outbound LLM calls.

[05]

Audit + Sovereignty Score

Numbers your auditor can sign.

Council Routing Receipt

Every AI Council session records a per-persona log: provider, model, region, latency_ms, ok/fail. Shows 'all_bedrock=true' badge when every call stayed inside your AWS.

Sovereignty Score (30d)

A single percentage showing what fraction of LLM calls ran inside your own AWS region. 30-day trend sparkline. Visible on the AWS Connection page hero.

Redaction Audit Feed

Last 50 redaction events (counts only, never the raw text). Lets you prove the redactor fired, day after day, without ever exposing the masked PII to auditors.

[06]

Brute-force shield

Per-email + per-IP rate limiting. On by default, every tenant.

Every failed login is logged with a sliding window — both the target email and the source IP. Cross the threshold and the gate slams shut with HTTP 429 · Retry-After before any password compare runs (so attackers can't even use timing to confirm whether an email exists). Auto-unlocks after the window; admins can clear early.

Failed logins · 24h
0
Across every tenant.
Active lockouts
0
Email or IP currently throttled.
Lockout window
15 min
Sliding window: 15 min.
Per-email lockout

5 failures in a 15-minute window on the same email triggers a 15-minute lockout. Defends against credential-stuffing on a known account. A successful login wipes the counter for that email.

Per-IP lockout

10 failures from the same source IP in 15 min triggers the same 15-minute lockout. Defends against distributed scans across many emails. X-Forwarded-For is respected — works correctly behind ingress / WAF.

Forensic visibility

Every failed attempt is recorded in login_attempts with timestamp, IP and user-agent, auto-pruned after 30 days. Active lockouts appear on the admin Security dashboard, sortable, with one-click clear. Lockout events also flow into the immutable audit log.

Pre-bcrypt gating

The lockout check runs before the bcrypt password compare. Locked attackers get the same 429 response regardless of whether the email exists — no enumeration via timing side-channel, no CPU burned on bcrypt for known-bad traffic.

Live · Active ThrottlesIdentifiers redacted server-side

Real-time feed of currently-locked identifiers. We strip every byte that could identify the account or its operator before this leaves our cluster — you're looking at the silhouette of live traffic, nothing more.

All clear · no active lockouts right now.
Shield is watching — every failed login is logged.
[07]

Provider policy matrix

Who could theoretically see what.

ProviderTraining useVerdictNotes
Amazon Bedrock (your AWS)NevergoldPrompts + responses never leave your region.
Anthropic ClaudeOpted-outokAPI traffic contractually never used for training. 30-day abuse retention.
OpenAI GPTOpted-outokAPI traffic opted out by default since Mar 2023. 30-day abuse retention.
Google GeminiOpted-outokPaid-tier traffic never used for training (Vertex AI policy).
VE LLM GatewayPass-throughokTLS-only routing. VE Gateway does not retain prompts.
[08]

Aligned with international standards

The frameworks your auditor will ask about — and how we map to them.

[OWASP]
OWASP ASVS + Top 10

Full coverage matrix in SECURITY.md. Strict CSP, HSTS preload, anti-CSRF, brute-force lockouts, per-device JWT, hash-chained audit log.

[ISO/IEC]
ISO 27001 (Annex A)

Controls mapped clause-by-clause: A.5 policies, A.9 access control, A.10 cryptography, A.12 logging, A.13 network security, A.15 supplier risk, A.16 incident response.

[SOC 2]
SOC 2 Type II readiness

Trust Service Criteria CC1, CC6, CC7, CC8, CC9 all addressed. Audit trail, change management, vendor risk register, incident response playbook in place.

[NIST]
NIST 800-53 (Moderate)

AC (access), AU (audit), IA (identification), SC (system & comms), SI (system integrity) families. AU-9 tamper-evident logs verifiable live above.

[GDPR]
GDPR Articles 15 / 17 / 20 / 32 / 33

Right to access + export (Art. 15/20) and right to erasure (Art. 17) available from your Profile page. Breach notification process documented for 72-hour window.

[NIST]
NIST 800-63B passwords

12+ character minimum, blocklist against known breaches, no forced rotation, MFA-like passwordless magic-links. NIST-aligned, not 1990s-aligned.

Note on certifications: Vigilant Entities is built on these standards and ships with the documented evidence package (SECURITY.md, THREAT_MODEL.md, RBAC_MATRIX.md, INCIDENT_RESPONSE.md, BACKUP_RUNBOOK.md, VENDOR_RISK.md, CycloneDX SBOM). Formal certification audits for ISO 27001 and SOC 2 Type II are scheduled with our compliance partner — request status from security@vigilantentities.com.

[09]

Frequently asked

The questions auditors and CIOs actually ask us.

Do my AI prompts train someone else’s model?

No. Every external provider we route to (Anthropic, OpenAI, Gemini) is on the API contract that explicitly opts traffic out of training. When you connect your own AWS account and enable Bedrock, prompts + responses never leave your AWS region at all — even we cannot see them.

Where is my data physically stored?

Two places: (1) Application data in our managed MongoDB cluster (encrypted at rest via field-level + KMS) in the region you choose at sign-up; (2) Files + AI workloads in your own AWS S3 / Bedrock when you connect AWS, otherwise in our managed buckets. You can move to bring-your-own-cloud at any time from /dashboard/admin/aws.

What is the Sovereignty Score?

A live KPI on your AWS Connection page: % of LLM calls in the last 30 days that ran inside your AWS region (Bedrock) versus the shared VE LLM Gateway fallback. Auditors love it. It is regenerated every time you load the page.

What happens to my trade-secret codenames?

Add them to the Sovereign-AI Privacy Center. Every external LLM call passes through a regex redactor that replaces those tokens with [redacted-secret] before the prompt leaves the cluster. You can also disable individual built-in PII patterns if your workflow needs them intact.

Can other tenants see my data?

No. Every Mongo query is scoped by `tenant_id` server-side via a single `with_tenant()` helper that all 80+ routes share. Cross-tenant reads require the system_admin role and are logged. White-label tenants run in fully isolated rooms.

Do you protect against credential-stuffing or brute-force attacks?

Yes. Every failed login is logged with a sliding window — 5 failed attempts for the same email in 15 minutes triggers a 15-minute lockout, and 10 failed attempts from the same source IP triggers the same. Locked sessions get HTTP 429 with a Retry-After header (your client should respect it). The lockout check runs BEFORE bcrypt compare so an attacker hitting the limit never gets timing signal about whether the email exists. Admins see active lockouts on the Security dashboard and can clear them with one click. We do not use CAPTCHAs — this is a pure server-side mitigation.

What encryption do you use?

TLS 1.3 between the user and our ingress. TLS 1.2+ between our cluster and every external LLM provider (HTTPS over boto3 + the VE LLM Gateway SDK). At rest: per-document Fernet (AES-256) for sensitive fields, with the master key in a KMS-managed envelope. When you paste a CMK ARN on the Admin → Field Encryption page, every new write is wrapped with your CMK from then on.

Trust, but verify.

Login to your tenant, paste an IBAN into the Privacy Sandbox, and watch the redactor strip it before any prompt leaves the cluster. Then check your Sovereignty Score — and watch it climb as you migrate workloads to your own AWS.

Original text
Rate this translation
Your feedback will be used to help improve Google Translate