6 security planes, 4 residency modes, and a governance framework designed to protect your data and control.
Each plane is deployed across a 3-generation roadmap — from basic to enterprise-grade.
Passkeys, SSO basic at Gen 1. Step-up auth and session risk scoring at Gen 2. Enterprise SCIM/SAML federation at Gen 3.
Gen 1: Build Gen 2: +step-up Gen 3: +SCIMService keys and rotation at Gen 1. Tenant keys and regional separation at Gen 2. Customer-managed keys (BYOK) at Gen 3.
Gen 1: Build Gen 2: +tenant Gen 3: +BYOKEdge protection and WAF at Gen 1. DDoS mitigation and mTLS internal at Gen 2. Private link and dedicated network lanes at Gen 3.
Gen 1: Build Gen 2: +DDoS Gen 3: +privateEncryption at rest/transit at Gen 1. Field-level encryption and redaction at Gen 2. Tokenization and sovereign data lanes at Gen 3.
Gen 1: Build Gen 2: +field-level Gen 3: +tokenizationSandbox and capability tokens at Gen 1. Full tool permission matrix at Gen 2. Air-gapped execution at Gen 3.
Gen 1: Build Gen 2: +permissions Gen 3: +air-gapBasic approval chain at Gen 1. Evidence store and anomaly detection at Gen 2. Compliance export logs and audit API at Gen 3.
Gen 1: Build Gen 2: +evidence Gen 3: +audit APIChoose how your data is stored and processed.
Data processed via Cloudflare global edge. Suitable for most personal and professional use cases.
Data kept within Southeast Asia region. Suitable for businesses with localization requirements.
Dedicated instance for your organization. For enterprises requiring isolation. Gen 2+.
On-premise or sovereign cloud. For government, defense, healthcare. Gen 3 / Research.
No connection is trusted by default — every request must be authenticated and authorized.
Data is encrypted at rest and in transit. No exceptions for production data.
AI Computer has only the minimum permissions needed. Tool access is controlled by capability tokens.
Every action by AI Computer is logged. Evidence store enables review and compliance.
When errors occur, the system fails to a safe state — no data leak, no auth bypass.
Users choose where their data is processed. We never force global when user chooses regional.
Disclosure: Sovereign compute and dedicated clusters are Generation 3 capabilities (Research). Not currently available for production. We do not claim to have this capability until it is complete.