Security & Governance

For the teams that read the fine print.

A live audit ledger, a policy gate that sits on the action path, role-enforced retrieval, isolated runtimes, and per-team budgets that fire before the call leaves the platform.

Audit ledger

Every action, forensically captured.

An immutable record your auditor will read end-to-end. Streams live to your SIEM.

Audit ledger · thread #4f2e

10:14:02  plan.decompose    Chief of Staff · 3 sub-tasks
10:14:03  role.check        Finance Analyst → allowed
10:14:04  tool.invoke       finance.read_aging() · 247 rows
10:14:06  pii.guardrail     redacted 12 emails
10:14:08  budget.charge     $0.04 → finance-team
10:14:09  audit.commit      logged · cid 0x4f2e
10:14:11  approval.request  manager: tim.lou
10:14:23  approval.grant    tim.lou · ✓
10:14:24  tool.invoke       gmail.draft_emails · 14
10:14:31  channel.post      #ar-team thread
10 events captured · streamed to your SIEM
Policy gate

Guardrails on every action.

Role checks, data scope, PII, budget, approval — evaluated before execution. Not in a doc, not on a wiki, on the rail itself.

Policy gate · live evaluation

  • Role check: Finance Analyst → allowed
  • Data scope: business_unit = finance
  • PII guardrail: redacted 12 emails on output
  • Budget cap: $0.04 of $25 daily
  • Approval: manager: tim.lou
  • Action allowed: send · gmail.draft

Identity-led access

Inherited from your directory. Always.

Roles, business units, manager hierarchy, team membership — all sourced from your IdP. We never become an alternate identity store. When a user leaves, their access leaves with them on the next sync.

Controls in this layer

  • Entra ID and Okta supported out of the box
  • Manager-led ownership inferred and surfaced
  • No bypass keys, no internal admin override
  • Sign-in activity captured for dormant detection
Isolated runtimes

Bounded by design.

When an agent runs code, drives a browser, or opens a development session, it lands in an isolated runtime. Per-invocation isolation. No persistent state. No shared credentials. No internal network reach unless you grant it.

Controls in this layer

  • Per-invocation isolation, no leftovers
  • No inherited platform credentials
  • Hard execution budget per run
  • Per-org sandbox tenancy on enterprise
Data

Stays where it lives.

EmployeeX retrieves under role from your existing data stores. We don’t copy your data into a private vector index by default. If you opt into indexing for performance, content stays inside the residency you choose.

Controls in this layer

  • Australia, Europe, and US residency options
  • AES-256 at rest, TLS 1.2+ in transit
  • Per-tenant data isolation
  • BYOK and customer-managed keys on enterprise
Budgets as control

Cost, governed.

Every model call hits a per-team budget. Caps fire before the call leaves the platform. Finance sees real allocation per team, per profile, per channel — not a surprise invoice at month end.

Controls in this layer

  • Per-team monthly budgets, hard or soft caps
  • Per-profile cost attribution
  • Per-channel cost reporting
  • Pre-flight budget check on every request
Compliance

For the teams that read the fine print.

SOC 2 posture, governance policies per profile, evals against datasets, drift alerts. The same trail your security team will audit, your operations team can read.

Controls in this layer

  • SOC 2 Type II posture (in progress)
  • Configurable governance policies per profile
  • Eval datasets and drift alerts
  • Tenanted deployments per business unit

Bring your security team to the call.

30 minutes on a sandbox tenant. SOC 2 posture, residency, encryption, isolated runtimes, the audit ledger live, the policy gate evaluating in real time. Every question they’ll ask — answered on screen.

Want a deeper look?

Bring your security team. We'll walk through the audit ledger, the policy gate, and the residency options on a sandbox tenant of your choice.