Read-only access.
Sovereign by design.
NOFire reads. It does not write. Customer data is processed inside your VPC, the Context & Control Model never leaves your control plane, and every autonomous action is bound to a policy you wrote.
Independently verified, top to bottom.
Layered controls across encryption, infrastructure, identity, and process. Audited annually; reports available under NDA.
Audit-ready against the SOC 2 Type II framework: security, availability, and confidentiality. Report in flight.
Request status →Standard DPA, SCCs, and a published sub-processor list. EU and UK data residency.
Request DPA →Immutable, tamper-evident logs of every action. Streamed to your SIEM as signed receipts.
TLS 1.3 in transit. AES-256 at rest. Customer-managed keys via KMS on Enterprise.
A short, published list of vendors. We notify you 30 days before adding a new one.
SaaS, or run it inside your own cloud.
Same product. Same controls. Choose the boundary that fits your security posture.
Multi-tenant SaaS hosted by NOFire. Fastest path to value.
- Region-bound (US, EU)
- Tenant-isolated data planes
- Customer-managed keys (Enterprise)
- SOC 2 Type II ready · GDPR
NOFire Edge runs inside your VPC. Your data and the Context & Control Model never leave your network.
- Deploys via Terraform / Helm
- Private connections only, no inbound
- Customer KMS & private registry
- Air-gapped option on Enterprise
Bound to your IdP. Scoped to the work.
Every operator and every agent is identified, scoped, and auditable. Bring your existing identity provider.
Okta, Google, Azure AD, Auth0, OneLogin, Ping. SCIM provisioning included.
Map IdP groups to scoped roles. Read, query, propose, act: separate permissions.
OPA-style policies gate every autonomous action. Scope by service, env, and condition. Signed audit & runtime enforcement patterns →
Configurable session lifetimes, IP allowlists, and just-in-time elevation for sensitive scopes.
Designed to use your data without compromising it.
Read-only by default. PII redacted before it reaches the model. Your data is never used to train cross-customer systems.
Scoped read against tracing, metrics, logs, and Kubernetes APIs. No write tokens. Ever.
Pattern-based redaction for emails, tokens, and secrets. Allowlists configurable per connection.
Your data is never used to train, fine-tune, or improve any cross-customer model.
Per-tenant Context & Control Model. No data, embeddings, or schemas are shared across customers.