Trust, Security & Compliance

How containment.ai protects your data, the controls behind the platform, and our compliance roadmap. We are pre-ATO and not yet certified — this page is honest about what is shipping and what is in progress.

How We Protect Your AI Interactions

Every AI request flows through our robust policy enforcement engine, ensuring real-time compliance, auditing, and control.

Data-flow diagram: how AI interactions are inspected and a deterministic verdict plus signed audit record is produced.

Privacy First

Your Data, Your Control

We collect only the data required to operate the service and enforce your governance policies. Your data is never used for any other purpose.

Never Used for Training

Customer data is never used to train AI models - yours or anyone else's. Your prompts, responses, and policies remain completely private.

Configurable Retention

Set your own data retention policies. Export audit logs at any time. Delete data on demand. You control how long we keep your information.

Full Audit Trails

Transparent data practices with complete audit trails. Know exactly what data we have and how it's used. Export logs in multiple formats.

Global Privacy Compliance

GDPR, CCPA, PIPEDA, and other privacy regulations built into our platform architecture. Data residency options available.

On-Premise & Air-Gapped Deployments (Roadmap)

On-premise and air-gapped deployment are on our Enterprise roadmap and not yet generally available. The goal is complete data sovereignty with offline policy enforcement for the highest security requirements. Contact us to discuss high-assurance deployment requirements.

Privacy Questions?

Our privacy team is here to answer any questions about data handling, retention, or compliance.

privacy@containment.ai

Security Practices

Continuous Security

Security isn't a feature - it's the foundation of everything we build. Our platform is designed with defense-in-depth principles from the ground up.

Encryption Everywhere

AES-256 encryption at rest, TLS 1.3 in transit. All data is encrypted before it touches disk. Key rotation and HSM protection included.

Strong Authentication

SSO/SAML, multi-factor authentication (MFA), and granular role-based access controls (RBAC). Support for hardware security keys.

Secure Development

Secure SDLC with automated SAST/DAST scanning, dependency monitoring, and code review requirements. Security training for all engineers.

Regular Audits

Independent audits and penetration testing as we complete our compliance roadmap; continuous dependency and vulnerability scanning today.

24/7 Monitoring

Real-time threat detection and automated incident response. Uptime targets are defined per Enterprise SLA.

Vulnerability Management

Continuous vulnerability scanning, automated patching, and a responsible disclosure program. Bug bounty program coming soon.

Security Concerns?

Report security vulnerabilities directly to our security team. We take all reports seriously.

security@containment.ai

Compliance Roadmap

We are actively pursuing these certifications and building our platform to meet these rigorous standards from day one.

containment.ai does not currently hold any of the formal certifications below. The list distinguishes auditable certifications we are actively pursuing from regulatory frameworks our platform is designed to map policy enforcement to. Nothing here should be read as held or authorized status. For the full posture, see our Compliance page.

Certifications we are pursuing

  • SOC 2 Type II: Audit in progress — not yet certified
  • ISO 27001: In progress — not yet certified
  • FedRAMP: On roadmap — not authorized; not on the FedRAMP Marketplace

Frameworks our platform is designed to map to

  • HIPAA: Designed to map — not independently attested
  • GDPR: Designed to map
  • CCPA: Designed to map
  • FINRA: Designed to map
  • PCI DSS: Designed to map — not yet assessed
  • AARM v1.0: Aligned — attestation forthcoming

Documentation & Resources

Access our security documentation, compliance reports, and legal agreements

Security White Paper

Containment by Design - ten principles for securing AI systems that reason, adapt, and act autonomously.


Read Whitepaper

Security Report

Independent audit report covering security, availability, and confidentiality controls.


Request Report

Compliance Documentation

Comprehensive compliance guides for HIPAA, GDPR, FedRAMP, and other regulatory frameworks.


Coming Soon

Questions About Security or Compliance?

Our security and compliance teams are here to help. Reach out with any questions about our practices, certifications, or how we can meet your specific requirements.
