SECURITY
Findable runs inside your Azure tenant. Your data never leaves. Identity is Entra ID. Access is ACL with inheritance at every level. Built like enterprise software, because it is.
COMPLIANCE
We say what’s done, what’s in progress, and what’s on the roadmap. We don’t print badges we haven’t earned.
Trust Services Criteria mapped. Controls being implemented now. Observation period begins this quarter.
Planned after SOC 2 Type II. ISMS documentation under way — same controls inherited.
HIPAA-mode deployments restrict LLM providers to BAA-eligible ones (Azure OpenAI, Bedrock, Anthropic Enterprise, Vertex). BAA on request.
IDENTITY & ACCESS
Every user authenticates through your Entra ID tenant. No Findable account creation, no parallel directory, no shadow IT. Group memberships flow through automatically.
Access control runs at three levels — app, page, entity — with inheritance from above and override at any level. External and guest users are blocked by default. Admin bypass is explicit and recorded.
ENCRYPTION & DATA RESIDENCY
TLS in transit, Azure-managed encryption at rest by default. Customer-managed keys (CMK) available for regulated workloads. SQL adapters enforce strict TLS to your data warehouses.
Data residency is your subscription’s region — we have no shared cloud, no central database, nothing crosses geographies. Cosmos partition keys isolate users at the data layer.
SUBPROCESSORS
Findable itself has no subprocessors. The platform doesn’t phone home, doesn’t ship telemetry to us, doesn’t store your data anywhere we control. The third parties that touch your data are the LLM providers and connectors your admin enables — listed in your settings, not buried in a contract.
Pen test results, SIG, CAIQ, architecture deep-dive — we have them ready. Email a human, get an answer.