Built for regulated workloads from day one.
Compliance is not a paywall. SSO, audit logs, region pinning and PII controls ship in every tier — including the free one.
Type II
Annually audited. Latest report available under NDA.
Ready
BAA available on Enterprise. PHI never leaves your region.
In audit
Stage 2 audit scheduled Q2. SoA available on request.
Compliant
EU residency. DPA, SCCs and TIA on file.
Zero-trust by default.
- — All traffic mTLS between every service. No internal plaintext.
- — Encryption at rest (AES-256) and in transit (TLS 1.3) across all stores.
- — Customer-managed encryption keys (CMEK) available on Enterprise.
- — No prompt or completion data is used to train any model, ever.
- — Hardware-backed key isolation in HSM-signed envelopes.
- — Quarterly third-party penetration tests. Reports on request.
Your data. Your region. Your rules.
Region pinning
Pin workloads to EU, US, UK, AU or specific on-prem clusters. Enforced at the router; auditable per request.
PII redaction
Optional pre-flight scrub of emails, phone numbers, IDs and PHI before requests leave your environment.
Retention windows
0 / 24h / 7d / 30d / forever — per workflow. Cryptographic deletion at expiry.
Audit log
Immutable, exportable to your SIEM. Every config change. Every call. Every retry.
Real enterprise SSO. Not just Google login.
- — SAML 2.0 and OIDC via Okta, Azure AD, Google Workspace, JumpCloud, OneLogin.
- — SCIM 2.0 provisioning and deprovisioning.
- — Role-based access with per-workflow scopes.
- — Hardware key (WebAuthn) enforcement on admin actions.
- — Session policy: max length, IP allowlists, device posture (Enterprise).
Need a SOC 2 report, DPA, or pen-test summary?
Email security@inferly.com — turnaround under one business day.