Security & Trust

Built for institutions that get examined.

Cernio, Cura, Sentra, and Tessra deploy under the same posture: your VPC, your keys, a tamper-evident audit trail.

01 — Deployment Model

In Your VPC, By Default

Every product ships as single-tenant software. There is no multi-tenant production SaaS database where customer data is pooled with other institutions'. Pick the deployment mode that matches your data-residency and risk posture.

01
Fastest time to value

Managed SaaS

Single-tenant, US-hosted instance. Adalma manages infrastructure, updates, and uptime. Suitable for institutions comfortable with third-party SaaS for a defined workload.

  • Single-tenant instance per customer
  • No shared tenant data
  • Fastest path to production
02
Your cloud boundary

Your Cloud VPC

Deployed inside your AWS, Azure, or GCP account using standard Kubernetes, Helm, and ArgoCD. Data and inference never leave your cloud boundary.

  • Runs inside your VPC
  • BYOK to your KMS
  • SSO to your IDP
03
Maximum isolation

Sandboxed / Air-Gapped

Fully sandboxed with no outbound network, or fully on-premises. Support reaches you only via MCP tunnels you initiate and audit. Supports self-hosted, open-weight models.

  • Zero outbound network calls
  • Self-hosted model support
  • No multi-tenant production SaaS
02 — Data Handling & Keys

BYOK. Your Keys, Not Ours.

Encryption keys are bring-your-own-key (BYOK) to your KMS — Adalma never holds a master key to your data.

Direct Anthropic API
Customer cloud Bedrock, Vertex, or Azure — stays in your cloud account
Sandboxed fully inside your VPC, no outbound network

Encryption at rest and in transit

Data is encrypted at rest under your KMS keys and in transit with TLS. Nothing is decrypted outside your configured boundary.

No cross-customer data pooling

Each deployment is single-tenant. Member, transaction, call, and prompt data for one institution is never visible to another.

Support access you control

In sandboxed and on-premises modes, Adalma support reaches your environment only through MCP tunnels you initiate and can audit or revoke.

Synthetic data in demos

Public demo and evaluation environments (cernio.adalma.ai, cura.adalma.ai, tessra.adalma.ai) run on synthetic data only — no real member or customer data.

03 — Auditability & Tamper-Evidence

Every Decision, Logged and Provable

Compliance-heavy workflows only matter if an examiner can independently verify what happened. Every product writes an auditable record of its actions inside your environment.

  • §01Every detection, classification, and disposition is written as an immutable decision record and Merkle-anchored, so any historical decision can be independently verified.
  • §02Compliance-enforcement events (TCPA/Reg F blocks, cease-and-desist, sanctions hits, model-call approvals) are written to an append-only audit log, available on demand and exportable for regulatory review.
  • §03The audit root stays inside your environment, on your keys — Adalma cannot rewrite or backdate the chain.
  • §04Exam-prep packs, regulator view mode, and per-release evaluation scores generate directly from the signed audit chain, not from a marketing summary.
04 — Compliance Posture

Honest About Where We Are

Adalma is an early-stage vendor. We would rather state our compliance posture plainly than claim certifications we do not hold.

Status — In Progress

SOC 2 Type II: audit in progress, not yet certified. We claim no SOC 2, ISO 27001, or other third-party certification today.

Designed to meet SOC 2 Trust Services Criteria, FFIEC, NY DFS Part 504, GLBA
Controls BYOK encryption, least-privilege access, tamper-evident audit logging
Human gates SAR filing, cease-and-desist, benefit disbursement holds
Release gating eval required before any change to detection logic ships

We publish certification status here — not in a press release — the day an audit completes. Until then, treat every claim on this page as a design principle, not a compliance attestation.

05 — EU Regulatory Alignment

Designed to Meet DORA and the EU AI Act — Not Certified Against Them

Same posture as §04, extended to DORA and the EU AI Act. We hold no attestations or conformity certifications — here's what's built vs. roadmap.

Status — Design Alignment, Not Certified

DORA (Digital Operational Resilience Act): operational-resilience controls are designed to align with DORA's expectations today.

Fail-closed enforcement-engine failure denies the call — never fails open
Audit trail tamper-evident, for ICT-incident review
Visibility provider-concentration across every model call in the ledger

DORA third-party risk management (roadmap): per-provider model allowlists exist today and are enforced on every call. Formal exit-plan reporting for critical ICT third-party providers, as DORA's third-party risk provisions expect, is not yet shipped — it is on our roadmap.

EU AI Act, Art. 12 (record-keeping): met by design — every policy decision and model call is written to a hash-chained, append-only ledger that any party can independently verify, not a log you have to trust us on.

EU AI Act, Art. 14 (human oversight): met by design through policy-gated egress — high-sensitivity traffic is hard-denied to non-approved providers before it ever leaves the boundary, and every gate decision is itself an auditable record.

EU AI Act transparency: the claims on this page are backed by that same verifiable audit chain, not a marketing summary — see the live proof page to check it yourself.

We claim no DORA attestation or EU AI Act conformity certification today. Items marked roadmap aren't built yet — treat this section like §04: a design principle, not a regulatory attestation.

Security Review

Talk to Our Team About Your Security Questionnaire.

We will walk your infosec and risk teams through deployment modes, key management, and the audit chain in detail — no NDA required to start.