askOdin — AI Judgment Infrastructure for Capital Allocation

Security & Compliance

Sovereign Infrastructure.

Decks under NDA. Anti-portfolio data. IC dissent memos. Cap-table commingling notes. This is the most sensitive material your firm holds — and the data SaaS vendors monetize most aggressively. We do not retain it. We do not train on it. We do not aggregate it. The audit produces a Defensible Audit Log™; the substrate it ran on does not survive the session.

Request Institutional Instance Contact Security Team

// THE SECURITY PROTOCOL

Built for the Risk Officer.

Ephemeral Processing

We do not train on your data. Period.

Enterprise Clarity deployments run on a stateless, ephemeral architecture. Decks, financial models, and cap tables are processed in ephemeral compute and purged on completion. The audit produces a Defensible Audit Log™; the substrate it ran on does not survive the session.

Encryption

Encrypted at every stage of the pipeline.

  • At rest: AES-256
  • In transit: TLS 1.3
  • API access: token-based auth with scoped permissions

Infrastructure

Enterprise-grade cloud with security and performance guarantees.

  • Compute: Google Cloud Platform (Enterprise Tier)
  • Edge: Cloudflare WAF, DDoS protection, CDN
  • Deployment: multi-tenant (emerging managers) or dedicated instance (enterprise funds)

Jurisdiction

Headquartered in Singapore — a recognized financial center under English Common Law.

  • Legal framework: Singapore Companies Act, PDPA compliance
  • IP protection: four U.S. provisional patents filed
  • Data sovereignty: processing region configurable per deployment

// SOVEREIGN-GRADE RUNTIME

The runtime is legally vetted, not just encrypted.

The JUDGE Protocol™ — askOdin's runtime circuit breaker — intercepts probabilistic hallucinations before they reach an output, isolates the offending variable, and hot-loads a corrective constraint without altering the underlying model. It is the only component of the stack to carry a national-security clearance.

Clearance

U.S. Prov. Patent No. 64/017,488
IPOS §34 National Security Clearance
Issued 2026-03-26

Compliance Roadmap

Current
  • Ephemeral Processing policy
  • AES-256 / TLS 1.3 encryption
  • Google Cloud Enterprise Tier
  • Cloudflare WAF + DDoS protection
  • PDPA (Singapore) compliance
  • IPOS §34 clearance (JUDGE Protocol)
In Progress
  • SOC 2 Type I certification
  • GDPR Data Processing Agreement
  • Penetration testing (third-party)
Planned
  • SOC 2 Type II certification
  • ISO 27001
  • On-premise deployment option

// OBJECTION HANDLING

Security & Compliance FAQ

Does askOdin train its models on the data we upload?

No. Execution is stateless, with a strict ephemeral-processing mandate. Deal documents are processed in ephemeral compute and purged on completion; they never enter any training corpus.

Is askOdin SOC 2 or ISO 27001 certified?

Current controls: ephemeral processing (no data retained), AES-256 at rest, TLS 1.3 in transit, stateless API orchestration, PDPA compliance, and IPOS Section 34 National Security Clearance. SOC 2 Type I and a GDPR Data Processing Agreement are in progress; SOC 2 Type II and ISO 27001 are on the roadmap. Documentation is available under NDA for your security review.

Will askOdin sign a DPA, and do you use Standard Contractual Clauses?

Yes — a Data Processing Agreement is available for institutional instances, with Standard Contractual Clauses for cross-border transfers. Contact the security team to initiate signing.

Where is our data processed — what data-residency options exist?

Processing region is configurable per deployment; the default jurisdiction is Singapore under PDPA, with EU and US residency available for dedicated instances.

Can askOdin run as a stateless or dedicated instance?

Yes. Institutional deployments run as stateless instances with ephemeral processing and strict data sovereignty; your proprietary deal flow is isolated to your private session and never commingled.

Who are askOdin’s sub-processors?

Enterprise-tier cloud compute (Google Cloud), edge security (Cloudflare), and a swappable model provider behind an adapter layer. The current sub-processor list is provided under NDA.

Is the output auditable and defensible to a regulator?

Yes. askOdin is a deterministic compiler, not a probabilistic black box. Every verdict produces a Defensible Audit Log with cross-document provenance — reconstructible under fiduciary inquiry or regulatory examination.

Questions about security?

We welcome security reviews and provide detailed technical documentation for your compliance team.

Contact Security Team Review Patent Architecture