Enterprise

AI agents your security team can sign off on

Deploy on your hardware, in your cloud account, or across both. Your data stays inside the boundary you choose, and we bring the evidence your procurement process asks for.

Deployment options

Three boundaries, one platform. Pick the one your compliance regime requires; you can move between them as needs change.

On-premise

The full stack runs inside your own data center, with air-gapped configurations supported.

Best for

Regulated environments where data must stay on hardware you own and operate.

  • Full data sovereignty
  • Complete control over hardware and network
  • Fits strict compliance regimes

Private cloud

A dedicated, isolated environment in your cloud account, deployed and managed by our team.

Best for

Teams that want isolation and fast rollout without running physical hardware.

  • Dedicated environment, no shared tenancy
  • Rapid managed deployment
  • Private networking to your data sources

Hybrid

Sensitive data stays on-premise while cloud resources handle model work and scale.

Best for

Organizations that need cloud capability without moving regulated data off-site.

  • Sensitive data never leaves your boundary
  • Cloud compute for model workloads
  • One architecture, two trust zones

Model options

The deployment boundary decides which models make sense. All three options work under our management.

Local models

7B to 70B parameter models running on your hardware, optimized for enterprise infrastructure, with custom fine-tuning on your domain.

Cloud models

GPT-4 and Claude integration with multi-model routing and automatic failover, so no single provider outage takes your agents down.

Custom models

Bring your own model or have one trained for your domain, with version control and rollback so every change is reversible.

Security and compliance

Data protection

End-to-end encryption in transit and at rest, data anonymization where appropriate, and automatic PII detection before data reaches a model.

Access control and authentication

Role-based access control, multi-factor authentication, full audit logging, and detection of suspicious activity.

Compliance posture

Practices aligned to SOC 2 controls and ISO 27001 information security principles, built to support GDPR and CCPA obligations, with HIPAA-aware handling for healthcare engagements.

Secure development

Security-first engineering: code scanning, containerized deployments, and CI/CD pipelines with security checks built in.

Compliance posture varies by deployment model and engagement scope. We confirm current status and provide supporting evidence during your security review rather than asserting blanket certifications on a marketing page.

Built for procurement

The unglamorous parts of an enterprise purchase, handled up front.

Security review

Bring your questionnaire. We walk your security team through architecture, controls, and data flows, and provide evidence for our compliance posture during evaluation.

Data residency

Keep data within specific geographic boundaries, with configurable retention policies and data processing agreements that state plainly how your information is handled.

SSO and identity

Integrate with your identity provider for single sign-on, map roles to your existing groups, and keep one source of truth for who can do what.

Your data stays yours

Proprietary data is encrypted in transit and at rest, access is limited to authorized personnel on a need-to-know basis, and your data is never used to train models for other clients. Document integration, database connectors, and secure file upload all run through the same access controls, so what an agent can see is exactly what you decided it can see.

Bring your security questionnaire

We are happy to walk through architecture, controls, and evidence with your security and procurement teams before any commitment.

Want the self-serve route inside your boundary? Ask us about the CraftAgent builder for enterprise teams.