Security & Compliance

Audit-ready by design.

We treat security as infrastructure, not an add-on. Every layer of Origin8 is built so your CISO can trust the orchestra to act on regulated data.

Compliance posture

Built to clear procurement.

SOC 2 Type II

Audited annually. Continuous control monitoring across security, availability, and confidentiality.

GDPR

Data subject rights, EU residency options, processor agreements available.

HIPAA-ready

BAA available. PHI segregated, encrypted, and audit-trailed end to end.

ISO 27001

Information security management aligned to ISO/IEC 27001:2022.

AES-256 at rest

Every stored field encrypted with AES-256. Keys managed in HSM-backed KMS.

TLS 1.3 in transit

Forward secrecy on every API call. Mutual TLS available for enterprise.

Immutable audit trail

Every agent action, model decision, and human override stored append-only.

PII redaction

Automatic field-level masking in prompts, logs, and analytics exports.

Data residency

US, EU, and APAC regions. Single-tenant deployments on request.

Privacy by design

Consent state propagates with every event. Purpose-bound processing.