Sotaire runs on single-tenant hardware inside your network. Direct outbound paths are blocked by default, and approved cross-boundary calls are brokered, logged, and reconstructable for auditors.
Network-level controls block direct outbound paths. Approved cross-boundary calls are explicit, brokered, and audited.
Your AI runs on dedicated servers we install in your office. No shared cloud, no multi-tenant blast radius, no neighbor risk.
Every prompt, tool call, and approval is logged append-only. Reconstruct any decision, anytime, for any internal or external auditor.
Agents pause for an explicit yes-or-no before anything consequential. Nothing irreversible happens unsupervised.
All inference, indexing, and storage stay inside your perimeter. Residency isn't a setting to enable — it's the only way it runs.
Role-based permissions map to your directory, so each user and agent sees only what their role allows.
Deployed in an isolated segment with egress filtering. Outbound destinations are denied by default — the model can't phone home because there's nowhere to call.
Dedicated hardware per organization. No workload, weights, or cache is ever shared with another customer because there is no other customer on the box.
Authentication against your existing directory, role-based authorization on every request, and per-agent scopes that bound what each one can touch.
Append-only logging of prompts, retrieved context, actions, and human approvals — the evidence layer that makes boundary controls and oversight reviewable.
Because the platform lives entirely in your environment, your existing controls and certifications extend to it. We configure retention, access, and audit to the frameworks you already answer to.
Framework alignment is scoped per deployment. Listed standards indicate where Sotaire's controls map; they are not a claim of independent certification on your behalf.
We'll walk through the architecture, the egress controls, and the audit model — and how they map to your requirements.