All features AI Trust & Data Governance

Your clients' data never trains, never leaks, never lingers

Before any prompt leaves our platform, every client identifier is swapped for an opaque token and re-hydrated locally. Evidence files are reduced to text or refused outright. The AI works on placeholders — and you hold the switches.

Get started See the platform
0raw IDs sent to AI
8identifier classes masked
Neverused to train models
prompt · outbound to AI 0 raw
ORGNorthwind Traders →[ORG_1]
HOSTmail.northwind.internal →[HOST_1]
IP203.0.113.42 →[IP_1]
ARNarn:aws:iam::acct-8842 →[ID_1]
PII512-84-2200 →[SSN_1]
Layer 2 · pseudonymization

Tokenized before it's ever sent

Every client identifier goes through a scrubber on the way out and a re-hydrator on the way back. The prompt that reaches the AI carries opaque tokens — [ORG_1], [HOST_1], [IP_1] — never the real thing. The token-to-value map never leaves the process, so only we can turn those placeholders back into your client's data.

Cloud identifiers

ARNs, AWS account and Azure subscription IDs, resource IDs like sg-* and vol-*, and bucket or tenant names — the strings an attacker could pivot on — are replaced with opaque tokens before any prompt leaves.

Hosts & public IPs

Hostnames and public IPv4 addresses are masked to tokens. Private and invalid IPs are deliberately left alone — they carry no exposure, so tokenizing them would only add noise the AI has to reason around.

People, orgs & domains

Client and organization names, domains, email addresses and personal names are swapped for stable tokens — so the model can reason about "the client" without ever learning who the client is.

PII safety net

US Social Security and phone-number patterns are caught as a catch-all for stray identifiers a caller didn't explicitly enumerate. Technical strings that aren't identifiers — a CVE ID like CVE-2021-44228 — are left untouched so findings still read correctly.

Stable within a prompt

The same value always maps to the same token inside one request, so the AI reasons about it consistently — [HOST_1] is the same host everywhere in the prompt. It just never learns the real name behind it.

Re-hydrated locally

When the response comes back, tokens are swapped for the real values on our side before anything is stored or shown. The map that could re-identify the data stays in-process and never touches the AI.

Evidence uploads · the input boundary

Text-only by design

When your team uploads evidence for AI review, the file is turned into plain text on our servers — or turned away. No raw file bytes ever reach the AI. If a document has no readable text, it's rejected with a 415 before a single byte is sent anywhere.

What's accepted

Plain text, CSV, Markdown, JSON and XML, PDFs that carry a real text layer, and Word .docx files. Each is reduced to its readable text locally, and only that text is ever reviewed.

What's turned away

Images and scanned or image-only PDFs are rejected outright with a 415, along with any other binary. If there's no selectable text, it never becomes an AI prompt — full stop.

Extracted locally, not in the cloud

Text is pulled with native tooling on our own infrastructure — not by shipping the file off to an AI to read. The extractor is the boundary: raw bytes stop here, only text moves forward.

Your controls

You hold the switches

AI isn't an all-or-nothing bolt-on you can't inspect. Every governed feature has an off-switch the platform actually enforces, every AI call is written to an auditable ledger, and one honest manifest states — per feature — exactly what data it touches.

Per-feature AI toggles

Turn any governed AI feature off for an account and the platform enforces it at the route — a disabled feature simply won't run, and it fails closed if anything is uncertain. Changing the switches is owner- and admin-only, and features only run after your account accepts the AI-processing disclosure.

An auditable activity ledger

Every AI call is written to a usage ledger, so there's a running, reviewable record of what ran and when — not a black box you have to take on faith.

A governance manifest you can read

One machine-readable manifest — GET /api/ai/governance — lists every AI feature, what data it touches, and our data-handling posture. It's the same set of facts this page is built on, kept honest at the source.

The honesty layer

AI that never pretends to be more than it is

Trust isn't just where the data goes — it's whether the output is honest about itself. Anything the AI writes is clearly labeled AI-generated. Verified facts read live from a tool's API and attested facts declared by the client are never blurred together in a report. Nothing is dressed up to look like more than it is.

  • Every AI output clearly labeled "AI-generated"
  • Verified vs attested never blurred in any report
  • Only features we truly enforce show a real off-switch
  • The AI never sees raw client identifiers or raw files
See AI in action
100%
Tokenized
before any prompt leaves
Straight answers

Is my client data safe with your AI?

The questions every MSP owner asks before letting AI near a client's environment — answered plainly.

Does our client data train AI models?

No. Inputs are processed under our AI provider's commercial, no-training terms — your data is never used to train models.

Is our data retained by the AI?

We send only tokenized text — never raw files and never raw client identifiers — so there's nothing sensitive to linger. Files are reduced to text locally or rejected before anything leaves.

Who can actually see it?

AI features run only after your account accepts the AI-processing disclosure, and they only ever receive pseudonymized text. The token-to-value map that could re-identify it never leaves our platform.

What happens to evidence files we upload?

Text is extracted locally; images and scanned PDFs are rejected outright with a 415. Only readable text is ever reviewed — the original file bytes are never sent to AI.

Can we turn AI off?

Yes. Every governed AI feature has a per-account switch enforced at the route. Nothing AI-driven runs against your data unless it's turned on — and toggling it is owner- and admin-only.

How do we know what the AI does?

A single honest manifest lists every AI feature, what it touches and our data-handling posture, and every call lands in an auditable ledger. Outputs are always labeled AI-generated.

Bring AI to your clients without handing over their data

Tokenized prompts, text-only evidence, and a switch for every feature — governed from day one.