Trust & Security

Built for federal scrutiny. Open to your auditors.

Federal program officers, foundation auditors, hospital procurement, and nonprofit boards land here before they sign. So we wrote it for them.

What follows is what is true today, what is in progress, and what is not yet ours to claim. We will not gloss any of it.

Posture v1.0

Encryption: AES-256 / TLS 1.2+
Tenancy: RLS + per-tenant keys
Training data: Zero retention
Audit log: Immutable, exportable
Incident SLA: 24h notification

Data ownership

Your vault is yours. Forever.

Capture documents are sensitive. Past performance, partner letters, salary ranges, theory of change. We treat them like the contracts they are.

Your vault is yours

Every artifact you upload stays in your tenant. We don't reuse it across customers, aggregate it for benchmarks, or sell it.

Never in training pipelines

Vault content never enters any model training pipeline — ours, Anthropic's, or OpenAI's. Zero-retention headers on every inference call where the provider supports it.

Encrypted, per-tenant keys

AES-256 at rest. TLS 1.2+ in transit. Per-tenant encryption keys mean your vault decrypts under a key no other tenant can derive.

Exportable, any time

One-click export of every artifact, draft, revision, and log line. JSON or PDF. No retention lock-in.

Audit-grade activity log · Live today

Every prompt. Every retrieval. Every edit.

When a federal funder, a FOIA requester, or an OIG investigator asks how AI was used in your submission, you hand them this. Timestamp. User. Agent. Artifact. Outcome.

  • Retrieval-level granularity

    Not just ‘AI was used.’ Every vault chunk pulled, every embedding match, every re-rank score.

  • FOIA-ready, OIG-ready

    JSON or CSV export with a SHA-256 hash of the final submission. Drop into a disclosure response.

  • Append-only by design

    Entries write to an append-only table. Customers cannot delete history. Neither can we.

activity_log.tail · Append-only

2026-05-09 14:22:08Z  RETRIEVE       user:liana@example.org  vault://past-perf/dycd-2024-final.pdf
                                     rag.k=8 score=0.91
2026-05-09 14:22:11Z  DRAFT.section  agent:drafter           rfp://DOL-ETA-25-014/need-statement
                                     model=claude-sonnet tokens_in=4218
2026-05-09 14:22:47Z  FLAG           agent:reviewer          draft://need-statement#p3
                                     ungrounded_claim → [VERIFY] inserted
2026-05-09 14:24:02Z  EDIT.accept    user:liana@example.org  draft://need-statement#p3
                                     manual_citation_added
2026-05-09 14:31:55Z  EXPORT.pdf     user:liana@example.org  rfp://DOL-ETA-25-014/submission-v3.pdf
                                     compliance_gate=passed sha256=9a3f…b201

Compliance posture

What we hold today. What we don't.

We will never tell you we have a certification we don't. If a row says “in audit window” or “on roadmap,” that is exactly what it means.

SOC 2 Type II

In audit window

Type I report available on request to qualified buyers. Type II observation period in progress with an AICPA-affiliated auditor.

GDPR / CCPA

Supported

DPA available. Customer-controlled data export and deletion. EU subprocessor list maintained on this page.

HIPAA

Available on Enterprise

BAA executed at Enterprise. PHI features gated behind tenant flag.

FedRAMP

On roadmap

Targeting FedRAMP Moderate through a 3PAO once federal pipeline justifies the investment. Not authorized today — say so on procurement forms.

ISO 27001

Aligned, not certified

Internal controls mapped to Annex A. We do not hold the certification. We will not claim otherwise.

PCI DSS

Out of scope

We do not store cardholder data. Stripe is the PCI-certified processor. SAQ A applies.

Tenancy & isolation

No cross-tenant anything.

RLS-enforced Postgres

Every vault, draft, and log row carries an organization_id. Postgres RLS policies restrict every read and write to rows whose organization_id matches the requesting user's tenant; a query from another tenant sees no rows rather than an error. Verified by automated policy tests.

Per-org encryption keys

Each org has a dedicated DEK wrapped by a KEK in Supabase Vault. Compromise of one tenant's DEK cannot decrypt another tenant's data.

No shared model state

We don't fine-tune shared models on customer data. Voice fingerprints are per-tenant prompt context, never weights.

request lifecycle

[1] user request · JWT with org_id claim
[2] Postgres session · SET app.current_org = org_id
[3] RLS policy · rows where organization_id = current_org
[4] vault decrypt · per-tenant DEK
[5] inference call · zero-retention header, scoped context only
[6] log line · append-only audit_events

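The RLS policy, the per-transaction tenant setting, and the append-only audit table described under Tenancy & isolation and in the request lifecycle above, written out as Postgres DDL. This is an added illustration, not the product's own schema: the role name app_user, the vault_chunks table and its columns, the audit_events column layout, and the sample org ids are assumptions; organization_id, app.current_org, and the audit_events table name are the ones the page uses.

```sql
-- Added example, not the product's schema. Names other than organization_id,
-- app.current_org and audit_events are illustrative assumptions.

-- One low-privilege role for application sessions. It owns no tables.
CREATE ROLE app_user NOLOGIN;

-- Every tenant-scoped table carries organization_id.
CREATE TABLE vault_chunks (
    id              bigserial PRIMARY KEY,
    organization_id uuid  NOT NULL,
    uri             text  NOT NULL,
    ciphertext      bytea NOT NULL           -- encrypted under the org's DEK
);

CREATE TABLE audit_events (
    id              bigserial PRIMARY KEY,
    organization_id uuid        NOT NULL,
    at              timestamptz NOT NULL DEFAULT now(),
    actor           text        NOT NULL,    -- user:... or agent:...
    event           text        NOT NULL,    -- RETRIEVE, DRAFT.section, FLAG, ...
    artifact        text        NOT NULL,
    detail          jsonb       NOT NULL DEFAULT '{}'
);

-- Step [3]: the tenant comes from the session variable the app sets from the
-- JWT's org_id claim. The second argument to current_setting() makes a missing
-- setting return NULL/'' instead of raising, so a session that never set
-- app.current_org matches zero rows rather than failing open.
CREATE OR REPLACE FUNCTION current_org() RETURNS uuid
LANGUAGE sql STABLE AS $$
    SELECT nullif(current_setting('app.current_org', true), '')::uuid
$$;

ALTER TABLE vault_chunks ENABLE ROW LEVEL SECURITY;
ALTER TABLE vault_chunks FORCE ROW LEVEL SECURITY;   -- applies to the table owner too
CREATE POLICY vault_tenant_isolation ON vault_chunks
    USING (organization_id = current_org())
    WITH CHECK (organization_id = current_org());

ALTER TABLE audit_events ENABLE ROW LEVEL SECURITY;
ALTER TABLE audit_events FORCE ROW LEVEL SECURITY;
-- Reads are tenant-scoped; inserts must be stamped with the caller's own org.
CREATE POLICY audit_read  ON audit_events FOR SELECT USING (organization_id = current_org());
CREATE POLICY audit_write ON audit_events FOR INSERT WITH CHECK (organization_id = current_org());

-- Append-only: the application role is never granted UPDATE or DELETE on
-- audit_events, and a trigger rejects rewrites from any role that holds them.
GRANT SELECT, INSERT ON vault_chunks, audit_events TO app_user;

CREATE OR REPLACE FUNCTION audit_events_immutable() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION 'audit_events is append-only (% rejected)', TG_OP;
END
$$;
CREATE TRIGGER audit_events_no_rewrite
    BEFORE UPDATE OR DELETE OR TRUNCATE ON audit_events
    FOR EACH STATEMENT EXECUTE FUNCTION audit_events_immutable();

-- Steps [2] and [6] as the application runs them inside one transaction.
-- SET LOCAL scopes the tenant to this transaction, so a pooled connection
-- cannot carry one request's org into the next request.
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.current_org = '00000000-0000-0000-0000-00000000aaaa';  -- from the verified JWT
SELECT id, uri FROM vault_chunks WHERE uri LIKE 'vault://past-perf/%';  -- this org's rows only
INSERT INTO audit_events (organization_id, actor, event, artifact, detail)
VALUES (current_org(), 'user:liana@example.org', 'RETRIEVE',
        'vault://past-perf/dycd-2024-final.pdf', '{"rag.k": 8, "score": 0.91}');
COMMIT;

-- An automated policy test of the kind the page describes: the same queries
-- under a different org must see nothing, and history must not be rewritable.
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.current_org = '00000000-0000-0000-0000-00000000bbbb';
SELECT count(*) FROM audit_events;   -- expect 0: the other tenant's rows are invisible
DELETE FROM audit_events;            -- expect ERROR: permission denied for table audit_events
ROLLBACK;
```

Two details carry most of the weight. FORCE ROW LEVEL SECURITY is what makes the policy bind the table owner as well; superusers and roles with BYPASSRLS still bypass it regardless, which is why the application connects as a role that is neither. And SET LOCAL rather than SET ties the tenant to the transaction, not the connection, so connection pooling cannot leak one request's org into the next.
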
AI safety

The agent drafts. The human submits.

Federal funders are watching for hallucinated partners, fabricated outcomes, autonomous submissions. We engineer the product so that ungrounded claims are flagged before they reach your editor and no code path exists that submits on your behalf.

Vault-grounded drafting

Every claim is generated against retrieved chunks of your vault. The model is constrained to cite or flag — not invent. In private beta right now.

[VERIFY] markers

Anything the model can't ground in your vault is wrapped in a [VERIFY] marker before it lands in the editor. The reviewer re-flags any [VERIFY] that survives editing.

Reviewer flags. It does not submit.

The Opus reviewer reads against the funder's rubric and writes margin notes. It has no submit permission. It will never click Submit on your behalf. Shipping this quarter.

Human-in-loop, by architecture

There is no autonomous submission path. The export-to-PDF action requires a logged-in human user with the right scope on that organization. The system refuses otherwise.

Subprocessors

Every vendor that touches your data, listed.

We notify customers 30 days before adding a new subprocessor.

  • Anthropic · US · LLM inference (Claude — drafting, reviewer)
  • OpenAI · US · Embeddings + auxiliary inference
  • Supabase · US (East) · Postgres, auth, storage, row-level security
  • Vercel · US / Global edge · Hosting and edge runtime
  • Resend · US · Transactional email
  • Stripe · US · Payments and subscription billing

Incident response

When something breaks, you hear from us first.

Incident commitments are written into the DPA, not buried in a status page. The clock starts when we know — not when we're ready to talk about it.

  • 24h · Initial customer notification

    On suspected security incidents affecting customer data. Phone, email, in-product banner.

  • 72h · GDPR Article 33 notification

    Where the incident qualifies as a personal-data breach.

  • 7d · Public postmortem

    Root cause, blast radius, remediation, changes shipped — published within seven days of resolution.

Vulnerability disclosure

Found something? Tell us.

Coordinated disclosure. Email security@perpetualcore.com with the issue, repro steps, and any constraints. Acknowledgment within 48 hours.

Standard window is 90 days from acknowledgment to public disclosure, extendable when remediation requires it. Out of scope: denial of service, social engineering, physical attacks, and findings against third-party subprocessors.

No paid bounty at launch. We credit researchers by name and link in the relevant postmortem and the in-product changelog.

coordinated disclosure
  • security@perpetualcore.com
  • 48h acknowledgment
  • 90d disclosure window
  • credit on resolution
  • safe harbor for good-faith research

Procurement-ready

Send your security questionnaire. We answer fast.

Security packet, DPA, subprocessor list, architecture diagram, and a 30-minute review with our security lead. Most packets go out within one business day.

NDA available · Mutual or one-way · Same day