caveauAI Trust & Privacy

Your documents stay yours.

"Caveau" is French for vault — and that's the design intent. caveauAI is built so the documents you give it never leave the boundary you put them in. No cross-tenant access. No training on your data. EU hosting by default. Sovereign deployment when you need it.

How caveauAI handles your data, in detail.

These are the operational commitments behind caveauAI. They apply across SaaS, private cloud, and sovereign deployments unless explicitly varied by contract.

Per-tenant corpus isolation

Every customer corpus is stored in its own logical partition with separate access keys, separate retrieval scope, and separate audit trails.

  • No cross-tenant retrieval — queries cannot reach another customer's corpus, even at the model layer
  • No cross-tenant training — your documents are never used to train, fine-tune, or evaluate models
  • Storage segmentation enforced in the vector store, the keyword index, and the application tier

Where your data lives

caveauAI shared SaaS runs in EU bare-metal datacenters. Private cloud and sovereign deployments can run anywhere you require.

  • Shared SaaS: EU (Hetzner FSN1 / HEL1) bare-metal — no US transfer for tenant data
  • Private cloud: customer-specified region in BNL infrastructure or your own VPC
  • Sovereign / on-prem: inside your perimeter, no outbound dependency on BNL

Encryption in transit and at rest

All traffic to and from caveauAI is over TLS 1.2+. Stored vectors, documents, and metadata are encrypted at rest.

  • TLS 1.2 minimum on the public application tier; TLS 1.3 supported
  • At-rest encryption on vector store, document store, and application database
  • Key management: per-tenant key derivation on private cloud and sovereign deployments

Identity, access control, and audit

Role-based access control governs who can read which corpora, who can ingest, and who can administer the workspace.

  • Role-based access on corpus, document, and tool level
  • API key scoping with per-key permissions and rate limits
  • Append-only audit log of queries, retrievals, and administrative actions
  • SSO available on private cloud and sovereign deployments

Citation integrity

Every generated answer carries the source chunk it was grounded in. Reviewers can verify before acting; auditors can replay the retrieval.

  • Citations are not hallucinated — they are the actual ranked retrieval chunks
  • Source chunks are stored with stable identifiers; an answer can be replayed weeks later
  • When retrieval finds no relevant evidence, the model is instructed to say so rather than invent

Model providers and policy

You choose which model providers are permitted for your tenant. Defaults err on the side of provider transparency.

  • Per-tenant allow-list of model providers (open-weight, hosted API, BYO key)
  • No customer data sent to any provider you have not explicitly approved
  • Provider responses inspected against retrieval evidence for grounding consistency

When retention itself is the risk.

Some deployments cannot tolerate persistence at all. caveauAI supports stricter postures by configuration, not by hope.

Zero-retention mode

For sessions where persistence is itself a risk — the Do Better Norge advocacy tools, for example — caveauAI can run in zero-retention mode. Uploaded documents and transcripts live only in the active session and are discarded immediately afterwards. No row, no object, no cache.

Public tools site

tools.dobetternorge.no runs zero-retention against a shared, read-only corpus of Norwegian tribunal and ECHR decisions. Family case material is never written to disk and never enters the shared corpus.

Customer data and training

Blue Note Logic does not use customer corpus content to train, fine-tune, or evaluate any model. This applies across SaaS, private cloud, and sovereign deployments. Fine-tuning on customer data only happens when a customer explicitly contracts for it.

Honest about the boundary.

caveauAI is engineered for trust, but Blue Note Logic does not currently hold SOC 2 Type II, ISO 27001, or sector-specific certifications. We are happy to walk a security review through the architecture, controls, and operational practices that underpin the commitments above.

For regulated industries, the recommended path is a sovereign or private-cloud deployment scoped against your specific compliance framework. Get in touch and we will pair you with an engineer for a technical review.

Request a security review packet.

Blue Note Logic will share architecture diagrams, access control specifications, and an operational runbook tailored to your review process.
