Security & Trust

We sell security. We take ours seriously.

UK-sovereign infrastructure, zero-trust architecture, open reasoning trails on every AI decision. Here's exactly how your data is protected.

  • UK Sovereign: Azure UK South — all data stays in the UK
  • Key Vault: All credentials in Azure Key Vault, HSM-backed
  • Zero Trust: Managed Identity only — no secrets in code
  • Open Trail: Every agent call logged, inspectable, replayable

Zero-trust architecture

No secrets in code. No keys in transit. No data leaves the UK.

  • Your M365 / GWS tenant: scoped OAuth consent
  • SocSage · Azure UK South: Managed Identity + Key Vault
  • Four scoped principals: GraphAPI / Sentinel / Azure RM / Defender
  • Per-tenant Key Vault: HSM-backed, RBAC-enforced, audit-logged
  • Agent orchestration: Azure Functions + Container Apps
  • Reasoning trail: Azure Monitor, 7-year retention
  • LLM inference: Azure OpenAI · UK South · no retention
  • Human-in-the-loop: Slack / Teams / PagerDuty MFA

Data principles

Three rules, no exceptions.

Your data is yours.

We never use customer telemetry to train third-party models. Azure OpenAI contractually excludes it. Zep Cloud memory is per-tenant, never fleet-pooled without explicit opt-in.

Everything is logged.

Every agent action, every tool call, every HITL approval is captured in an append-only audit log. Retained for 7 years, exportable to your SIEM, tamper-evident with hash chains.

Nothing leaves the UK.

All storage, inference, and processing happens in Azure UK South. No cross-region replication. No fallback to EU or US. If you're a UK public-sector customer, we meet the data-sovereignty bar out of the box.

Explainable by default

Open the AI and look inside.

No black-box decisions. Every agent run emits a structured trace: which tools it called, what they returned, which D3FEND measure was selected, and why. Audit-ready on day one.

  • OpenTelemetry traces for every agent invocation
  • Replay any incident step-by-step
  • Tamper-evident hash chain on all logs
  • Export to your SIEM on demand

[audit.log · INC-2026-04817]

agent: blue-team-t1
tool: virustotal.lookup(41.203.64.12)
result: {"malicious": 72, "total": 89}
signed: sha256:7c2a…f819

agent: threat-assessor-t2
reasoning: "IP appears in 72/89 vendor databases with high confidence. Recent cert shows Lagos origin. Correlates with T1078.004."
decision: escalate → HITL gate
signed: sha256:a4b1…e293

gate: hitl.slack
decision: approved · session_revoke + quarantine
mfa: passed (push)
signed: sha256:1e92…c4f0
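
How a tamper-evident hash chain over audit records can be checked, as an added illustration that is not SocSage's own code: the record layout, the all-zero genesis value, the function names and the sample records (modelled on the excerpt above) are assumptions, and per-record signatures are not covered.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value that the first record chains to


def record_hash(prev_hash, body):
    """SHA-256 over the previous record's hash plus this record's canonical JSON."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode("utf-8")).hexdigest()


def append(log, body):
    """Append a record whose hash commits to everything before it."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"prev": prev, "body": body, "hash": record_hash(prev, body)})


def verify(log, expected_head=None):
    """Return the index of the first record that breaks the chain, or None.

    expected_head is the latest hash as stored outside the log (for example
    in the SIEM the log is exported to). Without it, removing records from
    the tail leaves a shorter chain that still verifies.
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["prev"] != prev or rec["hash"] != record_hash(prev, rec["body"]):
            return i
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return len(log)  # chain is internally consistent but records are missing
    return None


def build_sample():
    """Constructed sample records, not real log data."""
    log = []
    append(log, {"agent": "blue-team-t1", "tool": "virustotal.lookup",
                 "result": {"malicious": 72, "total": 89}})
    append(log, {"agent": "threat-assessor-t2", "decision": "escalate"})
    append(log, {"gate": "hitl.slack", "decision": "approved", "mfa": "passed"})
    return log


if __name__ == "__main__":
    log = build_sample()
    print("intact:", verify(log, log[-1]["hash"]))
    log[1]["body"]["decision"] = "dismiss"  # edit one record in place
    print("first bad record after edit:", verify(log))
```

An edit, a deletion or a re-hashed record is caught from the chain alone; truncation of the newest records is caught only when the head hash is compared against a copy held outside the log.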

Certifications & accreditations

Audited. Accredited. Ongoing.

  • ISO/IEC 27001:2022: Information security
  • ISO 9001:2022: Quality management
  • ISO/IEC 42001: AI management system
  • Cyber Essentials Plus: Renewed annually
  • SOC 2 Type II: AICPA Trust Services
  • UK GDPR: ICO registered
  • NCSC-aligned: Cyber Assessment Framework
  • CSA STAR Level 1: CAIQ v4 self-assessment

Contact [email protected] to request our security pack, pentest report, or CAIQ questionnaire.

Security isn't a checkbox. It's a posture.

See the trust pack. See the audit trail. See exactly what we do with your data.
