Encryption at rest
Stored data and secrets are encrypted at rest with AES-256; provider keys and connector vault secrets are sealed and fail closed without a configured encryption key — no run starts on a missing key.
Cortex is the operating system for governed AI agents — so trust is the product, not a page. Here is exactly how we secure your data, which subprocessors we use, the SLAs we commit to, where your data can live, and the frameworks we align to. Every run is recorded in a tamper-evident Trust Ledger your auditors can verify offline.
Aligned with EU AI Act · NIST AI RMF · ISO 42001 · last updated June 29, 2026
Cortex is built for and aligned with the controls below, with one-click evidence export through Compliance Packs. We say aligned with, never certified — certifications are pursued, not claimed.
aligned with · not certified — request our control mappings under NDA
Encryption in transit and at rest, strict per-tenant isolation, and retention you control — the defaults a regulated buyer expects, enforced by the runtime rather than by policy alone.
Stored data and secrets are encrypted at rest with AES-256; provider keys and connector vault secrets are sealed and fail closed without a configured encryption key — no run starts on a missing key.
All traffic runs over TLS 1.2+. Session cookies are marked Secure in production, and internal service calls are authenticated so the audit and event write paths cannot be forged.
Every tenant-owned resource is keyed and queried on (tenantId, id). The gateway pins the trusted tenant from the API key and overwrites any caller-supplied identity — one tenant can never reach another's data.
You set retention windows per data class; on contract end we delete or return your data on request. The Trust Ledger keeps tamper-evident proof of every deletion event.
Cortex records every gate decision and data event in a hash-chained Trust Ledger with signed receipts. verifyChain detects any insert, edit, delete, or reorder and returns the broken sequence — so your auditors can confirm integrity themselves, without trusting us.
We keep the list short and the purposes narrow. Model providers are reachable only through the policy- and quota-governed Router, and on air-gapped deployments every external provider can be removed entirely in favor of local models.
Availability targets, support response times, and recovery objectives scale with your plan, backed by service credits when we miss. Status and incident history are published to a live status page.
From fully managed cloud to a single-tenant VPC in your region to a fully air-gapped install — the same governed runtime, the same gates, wherever your residency and sovereignty rules require.
Fully managed SaaS with per-tenant logical isolation — every resource keyed and queried on (tenantId, id), the tenant pinned from the API key.
Dedicated deployment inside your cloud account or region. Data never leaves your perimeter; you control residency, keys, and network policy.
Run the full runtime with local models via the compute broker — no outbound provider calls. Signed Solution Packs install offline and verify by hash.
Fail-closed gates, scoped RBAC, DLP, detection & response, and multi-tenant isolation — mapped to the frameworks your auditors already use. Aligned with, not certified.
The whitepaper, control mappings, and current subprocessor register — everything your procurement and security reviewers ask for.
Architecture, the eight governance gates, encryption, isolation, and detection & response — the full posture in one PDF.
How Cortex controls map to SOC 2, ISO 27001/42001, the EU AI Act, and NIST AI RMF — available under NDA.
The current list above, with 30 days' notice before any new subprocessor processes your data.
trust-center ▸ last updated June 29, 2026
Encryption, isolation, named subprocessors, real SLAs, flexible residency, and a ledger your auditors can verify — ready before you deploy.