Security & compliance
Audit-ready, because you can read the code
The privacy boundary is open source. Your reviewers can confirm exactly what is captured and what is dropped, line by line, before anything is deployed. No certificate to take on faith.
Two-layer boundary
The SDK redacts in the page, but the backend never trusts the client. Every trace is scrubbed again on the server before it is stored. Defense in depth, proven by a named test.
Never captured
Screenshots / video
Input values
Page text / DOM content
Raw URLs
Request / response bodies
Cookies / headers
SSNs, account & card numbers
Raw logs / stack traces
Mapped to the regulations your reviewers cite
SEC Reg S-P (2024)
Safeguards and recordkeeping. Incident records retained five years.
2026 interagency MRM guidance
Auditability, ongoing monitoring, and human oversight of model use (supersedes SR 11-7).
NIST AI RMF
Data governance, documentation, accountability, incident response.
test_scrubber.py
test_profiles.py
test_golden_path.py
test_repro_eval.py
.importlinter
test_compliance.py