Security & Trust · pre-seed posture

Autonomous decisions, auditable controls.

We're pre-seed. We don't yet have a finalized SOC 2 report — but we've architected the substrate so that every decision is logged, attributable, and reproducible from day one. That foundation is what makes Type I attestable in 2026 and Type II by 2027. This page is the honest current posture.

Request the trust pack → See roadmap

Posture

Three principles that don't bend.

Security at Allometry isn't a checklist — it's the architecture. We chose primitives that make the right thing the default, and the wrong thing impossible.

§ 01

Read carefully. Write deliberately.

Allometry reads broadly across your stack to compute decisions, but writes are scoped, gated by policy, and always audit-trailed. No blind automation against systems of record.

— scoped service accounts

§ 02

Models don't see what they don't need.

Account-level isolation, per-tenant key management, and field-level redaction at the inference boundary. Your customer data stays your customer data — even from us.

— BYOK · field redaction

§ 03

Every decision is reproducible.

Every output ties back to a model card, a policy version, a feature snapshot, and the inputs available at decision time. Audit isn't bolted on — it's the substrate.

— immutable decision log

Compliance roadmap

Frameworks & certifications — honestly.

Pre-seed, pre-revenue-scale companies don't have multiple active certifications. We don't either. What we have: a substrate architected for them, and a calendar of when each one lands.

SOC 2 Type I Target · H2 2026 Auditor · TBD (post-Seed) On roadmap

SOC 2 Type II Target · 2027 Following 12mo of Type I controls On roadmap

GDPR · CCPA DPA template ready Sub-processors disclosed below Available

ISO 27001 Target · 2027 Aligned to controls below Architected for

Design partners get bilateral MSAs with security controls explicitly listed. ISO 42001 (AI management system), HIPAA BAA, and FedRAMP are not on the 2026 roadmap — we will not claim them until they are. Honest answer to "are you SOC 2?" today: Type I in progress · Type II in 2027.

Controls

Sixteen controls. Designed in.

The technical controls the substrate is built to satisfy — the architecture that makes a clean Type I audit possible. Not third-party-attested yet. Honest engineering, in flight.

C.01Encryption at restAES-256 across all storage tiers — application data, model artifacts, logs, and backups.

C.02Encryption in transitTLS 1.3 enforced on every external interface; mTLS between internal services.

C.03Key managementPer-tenant keys via AWS KMS / GCP KMS. BYOK supported for Enterprise.

C.04Tenant isolationLogical isolation enforced at the data, compute, and inference layers — verified by automated tests in CI.

C.05Identity & SSOSAML 2.0 and OIDC. SCIM 2.0 user provisioning. MFA enforced by default on Enterprise.

C.06Role-based accessGranular roles for analyst, operator, approver, auditor — with per-loop scopes.

C.07Audit loggingImmutable, tamper-evident decision log. Streamed to your SIEM via webhook or S3.

C.08Model cardsEvery production model documented with intended use, evaluation, and known limitations.

C.09Secrets handlingVault-backed; rotated automatically; never available to inference workloads.

C.10Vulnerability mgmtContinuous SAST/DAST; dependency scanning; quarterly third-party pen testing.

C.11Incident responseFounder on-call today; SOC 2 Type I rollout includes formal on-call rotation. Customer notification within 24h of confirmed material incident is the standing commitment.

C.12Backup & DRCross-region replication. RPO ≤ 15min, RTO ≤ 4h for production tenants.

C.13Sub-processorsPublic list maintained on this page. 30-day notice for material changes.

C.14Data residencyUS, EU, and CA regions available. Single-region pinning supported on Enterprise.

C.15PII redactionField-level redaction at the inference boundary; configurable per loop.

C.16Right to deleteTenant-initiated deletion with cryptographic shred + signed certificate of destruction.

AI governance

The decision layer is where AI risk lives. We treat it accordingly.

Allometry runs autonomous workflows against revenue and capital decisions. That means model risk is operational risk — and we manage it the way you manage any other production system.

§ Accountability

Every output names a model and a policy.

The decision log records the model version, the policy version that gated it, the input snapshot, and the operator account responsible. Reproducibility on demand.

Versioned model registry with promotion gates
Policy as code — diffed and reviewed like infrastructure
Per-decision lineage: features, model, policy, output

§ Containment

Autonomy is earned, per loop, per scope.

New models start in shadow mode. Promotion requires evaluation thresholds. Production scopes are bounded by policy — and revocable in one click.

Shadow → assist → autonomous promotion path
Per-loop kill-switch with full state preservation
Per-tenant rate limits on autonomous writes

§ Human review

Exceptions queue, with full context.

When policy flags a decision — low confidence, novel pattern, threshold breach — it lands in a human queue with the model card, the inputs, and the recommended action.

Configurable thresholds per loop and per scope
Reviewer attribution captured in the decision log
Override patterns become training signal

§ Evaluation

Continuous, adversarial, transparent.

Models run against frozen evaluation sets every release. Drift detection on inputs and outputs. Customers can see eval results for the models running on their tenant.

Held-out evaluation sets per industry vertical
Drift monitoring with alerting on material shift
Customer-visible model cards on every loop