Security and Deployment

Your environment.
Your control.
Zero data egress.

OramisAI is enterprise software, not a SaaS platform. It runs inside your own infrastructure, using your own API keys, with no shared tenancy and no vendor data access by default.

Deployment Architecture

Everything stays inside your perimeter.

All components shown below run inside your infrastructure. OramisAI itself never sees your data.

Your Infrastructure Perimeter
Staff Chat Interface
ai.yourcompany.com
OramisAI Control Layer
Policy, Memory, Routing, Audit
Vector Memory Store
Corporate knowledge base
Audit Log Store
Full interaction history
Policy Engine
Rules and detection
Admin Control Panel
admin.oramisai.yourcompany.com
All data remains within this boundary. OramisAI has no access to your prompts, responses, or memory.
External — accessed only via your own API keys
OpenAI (GPT-4o)
Anthropic (Claude)
Google (Gemini)
Your own model deployments

Security Principles

Six security foundations.

01

Zero Data Egress by Default

No prompts, responses, or memory data leave your infrastructure unless explicitly configured. OramisAI operates entirely within your perimeter.

02

Your API Keys, Your Models

OramisAI routes through your own model subscriptions. Your keys are held in your environment and never transmitted to OramisAI systems.

03

No Shared Tenancy

Each deployment is fully isolated. Your instance does not share infrastructure, databases, or compute with any other customer.

04

Privacy by Design

GDPR-aligned architecture. PII detected and anonymised before external transmission. Data subjects protected by architecture, not policy alone.

05

Complete Audit Trail

Every interaction logged with full attribution: user ID, timestamp, model, policy decisions, memory injections, and overrides. Tamper-evident and exportable.

06

Role-Based Access Control

Granular permissions enforced at every layer. No user accesses functionality beyond their assigned role, regardless of technical access.

Compliance Posture

Built for regulated environments.

OramisAI is designed for organisations operating under regulatory obligations. The architecture aligns to major compliance frameworks, with audit documentation available on request.

Government, financial services, legal, and healthcare organisations have specific requirements around data sovereignty and AI governance. OramisAI is built with these in mind from the ground up.

Discuss your requirements

GDPR Aligned

PII detection and anonymisation built into the data flow. No cross-border transfer of personal data without explicit configuration.

Architecture-level

SOC 2 Alignment

Controls mapped to SOC 2 Type II trust service criteria. Full documentation and third-party assessment support available.

Documentation available

ISO 27001 Controls

Information security controls aligned to ISO 27001. Access controls, audit logging, incident management, and data classification supported natively.

Controls mapped

Data Sovereignty

Deploy in your chosen region. Full control over data residency, processing location, and cross-border transfer restrictions.

Your region, your rules

Questions about your requirements?

We work through security reviews and compliance assessments with every customer.

Book a DemoExplore the product