Security & trust

Built for teams whose data can't leak.

This page explains, in plain English, how we handle confidential information, what gets recorded, and what we will never do. If you're the person responsible for compliance, legal, or IT, this page is for you.

Our commitments

What we will never do.

Your confidential files never go to public AI tools.

Your data is never used to train models. Not ours, not anyone's.

We take no vendor commissions and sell no tools of our own.

We never remove your approval authority. Compliance, legal, and IT sign off on every setup.

These aren't marketing lines. They're how every engagement is scoped, and your team can hold us to each one in writing.

Private AI architecture

Where your data can live.

For confidential work, there are three ways to run AI privately. We select the architecture together with your compliance, legal, and IT teams — never on our own.

Local model on your hardware

The AI model runs on machines you own, inside your office or data center. Nothing leaves the building.

Best for
The most sensitive material: NDA files, internal diligence, anything that must stay on-premises.

Private cloud in your environment

The model runs inside your own cloud account, under your access controls and your logging. We configure it; you hold the keys.

Best for
Teams already operating in a cloud environment who want privacy without buying hardware.

Enterprise private endpoint

A dedicated connection to a commercial model under enterprise terms: no training on your data, contractual data handling, admin controls.

Best for
Work that benefits from the strongest commercial models but still needs contractual protection.
The saved record

Every AI-assisted task leaves a trail.

Six things are saved for every AI-assisted task, designed to support your recordkeeping and supervision process. Final supervisory and recordkeeping decisions remain with you.

What was asked

The request, in the user's own words, with date and person.

Which tool answered

Which approved assistant, workflow, or private workspace handled it.

Sources used

The public links, exports, or private files the answer was based on.

AI's first draft

The model's output before any human edits, saved exactly as produced.

Human changes

What the reviewer changed, removed, or approved. And who did it.

Final record

Where the final version lives, who approved it, how to find it again.

Honest about limits

AI makes mistakes. We don't deny it. We design for it.

Any vendor who tells you their AI setup never gets things wrong is selling you something. Ours gets things wrong too. The difference is that every setup we build assumes mistakes will happen and puts a human check between the model and anything that matters.

Passage-level citations

Answers point to the exact passage they came from, so every claim is checkable against the source.

Human review before use

Nothing AI produces is used or shared until a person on your team has reviewed it.

Warning flags for sensitive topics

Workflows flag material that touches sensitive areas so it gets extra scrutiny, not less.

Written do's and don'ts per tool

Every tool ships with plain-English rules: what it's for, what it must never be used for.

No lock-in

If we part ways, you keep everything.

We're model-agnostic and hold no reseller relationships, so nothing we build ties you to a vendor — or to us. Everything we configure is documented and belongs to you.

The tools and their configurations
The prompts and templates
The workflows and review steps
The saved records, in full
Documented, portable, and yours from day one
Quick answers

The questions your CCO will ask.

Do you sign NDAs?

Yes. Before we see anything.

Who owns the work product?

You do. Tools, prompts, workflows, records — all of it.

Do you access our systems?

Only what's scoped and approved, and only alongside your IT team.

What AI vendors do you use?

Whichever fit your rules. We're independent and hold no reseller deals, so the recommendation is never about our margin.

Bring your CCO to the first call.

We'd rather answer the hard questions on day one. Bring compliance, legal, or IT — the setup only works if they trust it.

NDA-friendly. No obligation. Or email hello@cleverfoxailabs.com