Security & Trust

Your firm's data lives in your repo.
Not ours.

Most AI vendors copy your project files into their database. That's how their product works. It's also how your competitor finds out about your fee structure six months later. We built the opposite. Here's exactly what we touch and what we don't.

The three-pillar trust model

A vendor saying “we don't train on your data” is fine. A clause in your contract saying it is better. A repo log showing every action is best. We work on all three.

01

Architectural

What we technically can't do

  • Vault on your hardwareYour data lives in a private GitHub repository you own. We never host it.
  • Per-firm physical isolationOne repository per firm. No shared database. No shared vector store.
  • Stateless model callsWe do not retain prompts or outputs in our infrastructure beyond the request.
02

Contractual

What we won't do

  • No training on your dataEver. Including if a model provider offers us free credits in exchange.
  • Data export on requestCancel anytime; receive your repository handover and artifacts within 14 days.
  • Sub-processor change noticeThirty days' notice before any change to the list further down this page.
03

Visible

What you can verify

  • Open vault inspectionRun git log on your own repository to see exactly what every agent run wrote.
  • This pagePublic, dated, source-of-truth. Updated when any commitment changes.
  • Real disclosure addressEmail below is monitored daily. We acknowledge in 24 hours.

Per-firm physical isolation

There is no “all customers” database at SigmaMetrix. Each firm we work with has its own private GitHub repository, owned by the firm, accessed via a per-installation token that scopes to that one repository and nothing else.

We could not query across firms even if a court ordered us to. The architecture makes it impossible by construction, not by policy.

The napkin test

Ask any AI vendor to draw their data architecture on a napkin. If the napkin has one big database in the middle with all customers' data inside, walk away.

How your data moves

Three nodes. Two boundaries. No surprises.

YOUR VAULTprivate GitHub repoowned by your firmboundary: read-only tokenADAPTERstateless requestno retentionboundary: provider callANTHROPICno trainingby default► you own it► we run it► they compute

Sub-processors

The third parties involved in delivering SigmaMetrix. Any change requires 30 days' notice to active customers.

ProviderPurposeRegionData categoryDPA
AnthropicAI model inference (Claude)EU / USEngagement-time prompt content (no training by default)In place
VercelWeb hosting + edge functionsGlobal CDN, EU origin availableWeb traffic, deployment artifactsIn place
SupabaseOperator console database + authEU (Frankfurt)Console state metadata only — never your vault contentsIn place
GitHubVault repository hosting (your account, your repo)GlobalYour firm's vault — owned and controlled by youN/A

What we defend against (and what we don't)

We defend against

  • Cross-firm data leakage (per-firm physical isolation).
  • Prompt injection in client documents (sanitized pre-call).
  • Account takeover (auth provider hardening + 2FA).
  • Sub-processor compromise (least-privilege, monitored advisories).
  • Token exfiltration (per-installation tokens, short TTL).

We do not promise to defend against

  • Nation-state actors with arbitrary capability (out of scope for any commercial vendor).
  • Compromise of the underlying LLM provider's infrastructure (we monitor; we cannot prevent).
  • Endpoint compromise on your team's machines (your IT domain, not ours).

Incident response

1

Detection & triage

We acknowledge any reported security issue within 24 hours and communicate scope within 72 hours.

2

Customer notification

If your firm's data is affected, you receive direct notification within 72 hours of confirmed scope.

3

Post-mortem

Resolved incidents are published at /security/incidents with timeline, impact, and prevention.

View the incident log →

Responsible disclosure

If you find a security issue, email sigmametrixnv@gmail.com. We acknowledge in 24 hours, fix or scope in 14 days, and credit you publicly unless you ask otherwise.

Last reviewed: 2026-04-26 by Vivek Badaltjawdharie. Custom DPA available on request — same email as above. This page is updated whenever any commitment above changes.