← Back to Compliance Docs

🛡️ Security Whitepaper

Version 1.0 · January 2026

Key Security Highlights:

  • Data Sovereignty: All data processing can occur entirely on customer infrastructure
  • Zero External Calls: Sovereign deployment makes no external API calls
  • Cryptographic Integrity: SHA-256 hash chains for tamper-evident audit trails
  • Customer-Owned Keys: KMS/HSM integration with customer-controlled encryption keys
  • Air-Gap Ready: Full functionality without internet connectivity

1. Security Architecture

Defense in Depth

Datacendia implements multiple layers of security controls:

Layer Controls
Perimeter WAF, DDoS Protection, Rate Limiting, IP Allowlisting
Network VPC Isolation, Network Segmentation, TLS 1.3 Everywhere
Application Authentication, Authorization, Input Validation, CSRF Protection
Data Encryption at Rest, Encryption in Transit, Key Rotation
Monitoring Audit Logs, Anomaly Detection, SIEM Integration

Deployment Models

Model Description Security Profile
Sovereign (Air-Gapped) 100% on-premise, no external connectivity Maximum security, SCIF-compatible
Private Cloud Customer's cloud account (AWS/Azure/GCP) Customer-controlled infrastructure
Hybrid Core on-premise, optional cloud AI Balanced security and capability
Cloud Datacendia-managed infrastructure SOC 2-aligned controls

2. Data Protection

Data Classification

Classification Examples Handling
Restricted Decision packets, deliberation content Encrypted, access-logged, retention-controlled
Confidential User data, organization config Encrypted, role-based access
Internal System logs, metrics Encrypted at rest
Public Documentation, marketing No special handling

Data Residency

  • Sovereign deployments: Data never leaves customer premises
  • Cloud deployments: Customer selects region (US, EU, APAC available)
  • No data sharing: Customer data is never used for model training
  • No telemetry: Sovereign deployments send zero data externally

3. Access Controls

Authentication Methods

Method Description Availability
Username/Password Bcrypt-hashed, complexity enforced All tiers
Multi-Factor (MFA) TOTP, WebAuthn/FIDO2 All tiers
SSO/SAML Okta, Azure AD, Google Workspace Enterprise
CAC/PIV Smart card authentication Defense tier
Certificate-Based mTLS client certificates Sovereign

Role-Based Access Control (RBAC)

Seven predefined roles with granular permissions:

Role Permissions
Viewer Read decisions, view dashboards
Decision Owner Create/edit own decisions
Council Operator Run deliberations, manage agents
Approver Approve/reject decisions
Risk & Compliance Access compliance dashboards, export audit data
Auditor Read-only access to all audit trails
Admin Full system administration

4. Encryption

Encryption at Rest

Component Algorithm Key Management
Database (PostgreSQL) AES-256 Customer KMS or local
Object Storage (MinIO) AES-256-GCM Customer KMS or local
Backups AES-256 Separate backup keys

Encryption in Transit

  • TLS 1.3 required for all connections
  • Certificate pinning available for mobile/desktop clients
  • mTLS supported for service-to-service communication
  • Perfect Forward Secrecy enabled

Key Management Integration

Provider Integration
AWS KMS Native SDK integration
HashiCorp Vault Transit secrets engine
Azure Key Vault Managed HSM support
Local HSM PKCS#11 interface
Air-Gapped File-based keys with manual rotation

5. Audit & Logging

Immutable Audit Trail

Every significant action is recorded in a cryptographically-linked audit chain:

{
  "id": "audit-2026-01-05-001",
  "timestamp": "2026-01-05T14:30:00Z",
  "action": "DECISION_APPROVED",
  "actor": "user:jane.doe@company.com",
  "resource": "decision:acq-quantum-analytics",
  "hash": "sha256:a3f2c1d4e5b6...",
  "previousHash": "sha256:9c8b7a6f5e4d...",
  "signature": "RSA-SHA256:..."
}

What We Log

Category Events
Authentication Login, logout, MFA, failed attempts
Authorization Permission grants, denials, role changes
Data Access Read, create, update, delete operations
Deliberations Council sessions, agent responses, votes
Administrative Config changes, user management, key rotation
Security Anomalies, blocked requests, policy violations

6. AI Model Security

Local Model Execution

Datacendia's Sovereign Stack runs AI models entirely on customer infrastructure:

  • Ollama Integration: Local LLM inference
  • No External APIs: Zero calls to OpenAI, Anthropic, etc. in Sovereign mode
  • Model Provenance: Verified model checksums
  • Isolated Inference: Models run in sandboxed containers

Anti-Hallucination

  • Citation Verification: AI responses cite source documents
  • Confidence Scoring: Low-confidence responses flagged
  • Human Review: Critical decisions require human approval

7. Compliance Alignment

Note: Datacendia's architecture is designed to support compliance with major frameworks. Formal certifications are available upon enterprise contract.

Framework Status Notes
SOC 2 Type II Architecture aligned Controls implemented; formal audit available on contract
ISO 27001 Architecture aligned ISMS documentation available
HIPAA Architecture aligned BAA available; technical safeguards implemented
GDPR Compliant DPA available; data residency controls
FedRAMP Architecture supports Available for government contracts

8. Contact

Security Team: security@datacendia.com

Vulnerability Reports: See Vulnerability Disclosure Policy

Compliance Inquiries: compliance@datacendia.com

© 2026 Datacendia, Inc. All rights reserved.
This document is provided for informational purposes. Security controls may vary by deployment model and contract terms.