Trust Center
The single front door for every security and compliance question that isn't about a specific Trinitite feature.
For control-by-control alignment to frameworks (HIPAA / SOC 2 / GDPR / EU AI Act / NIST AI RMF), see the Compliance Matrix.
Posture at a glance
| Property | Default |
|---|---|
| Encryption in transit | TLS 1.3 (no weaker ciphers offered) |
| Encryption at rest | AES-256-GCM with envelope encryption against KMS |
| Customer-managed keys | Available (AWS KMS, Azure Key Vault, GCP KMS, HashiCorp Vault, on-prem HSM) |
| Authentication | OAuth 2.1 + SAML 2.0 (Azure AD, Okta, Google Workspace) |
| MFA | Required for all admin operations |
| Network egress | Allowlisted; default-deny |
| Default tenancy | Logical isolation; physical isolation available on Enterprise |
| Default region | US-East / EU-Central / AP-Southeast (other regions on request) |
| Self-hosting | Fully supported — see Self-hosting |
| Air-gapped deployment | Supported for Government / Sovereign tier |
Subprocessors
This is the live list. Material changes are announced to active customers with at least 30 days of notice.
| Subprocessor | Purpose | Region |
|---|---|---|
| Amazon Web Services | Compute, storage, KMS | us-east-1, eu-central-1 |
| Cloudflare | DDoS, edge TLS termination | global |
| Datadog | Internal observability (Trinitite's own ops) | us1 / eu1 |
| Stripe | Billing | us / eu |
| Anthropic | Optional upstream LLM (only when customer routes via vaulted credential) | us / eu |
| OpenAI | Optional upstream LLM (only when customer routes via vaulted credential) | us / eu |
| Resend | Transactional email | us / eu |
A self-hosted Trinitite deployment uses none of the above except those you specifically configure.
Data flow
Notes:
- Customer prompt content stays inside the Customer Application and Trinitite layers; it reaches an Upstream LLM Provider only when the customer has opted into proxy mode and supplied vaulted credentials.
- Trinitite never trains on customer prompts. Closed-loop training (see Guardian Training) operates on embeddings of correction patches, not raw prompts, and is opt-in per tenant.
- Glass Box Ledger receipts ship to a customer-controlled SIEM — Trinitite retains its own copy for the configured retention window only.
Retention windows (defaults)
| Stream | Default retention | Notes |
|---|---|---|
| ops (latency, throughput) | 90 days | Adjustable per tenant. |
| security (block events) | 13 months | Adjustable per tenant. |
| audit (Glass Box) | 7 years | Hard floor for regulated tenants. |
| Inference response bodies | 0 days (default) | Not stored unless tenant opts into replay support. |
| Vaulted provider creds | Until deleted | Customer-managed lifecycle. |
See Cookbook: SIEM export for sample sink configs.
Key custody
| Tier | Storage |
|---|---|
| Standard | AWS KMS (managed by Trinitite, single-tenant CMK). |
| Enterprise | Customer-managed KMS (BYOK). |
| Sovereign | Hardware TEE (e.g. Nvidia Confidential Computing) + customer-managed KMS. |
Trinitite cannot decrypt customer data under the Enterprise or Sovereign tiers without explicit customer key release. Backup keys, if any, live with the customer.
Vulnerability disclosure
We follow coordinated disclosure. Email security@trinitite.ai with PGP key 0x... (also published at /.well-known/security.txt). We commit to:
- Acknowledge within 1 business day.
- Triage within 5 business days.
- Patch within 30 days for High / Critical, 90 for Medium.
- Credit in our public security acknowledgements (with reporter's permission).
Security artifacts available under NDA
- SOC 2 Type II report.
- ISO 27001 certificate.
- Pen test summary (most recent quarter).
- Subprocessor list (live link to this page).
- BAA template (for HIPAA-covered customers).
- DPA template.
- Architecture diagram (signed).
Email trust@trinitite.ai with a brief statement of need.
What's next
→ Compliance Matrix — framework-by-framework mapping.
→ SLA & Limits — availability and latency commitments.
→ Self-hosting — keep everything in your environment.