Your data, walled off by design.
InCiteOS turns your most sensitive records — contracts, grants, financials, staffing — into board-ready intelligence. We engineered it so that intelligence never leaves your organization’s four walls: no shared tables, no cross-tenant leakage, no surprises. Here’s exactly how.
Five principles we build to
Your documents and the insights drawn from them are yours — export anytime, and a deletion request purges them.
Every identity gets the minimum access needed to do its job, and nothing more.
Encrypted in transit (TLS 1.2+) and at rest (AES-256) on Google’s infrastructure.
Your data is partitioned from every other customer at three independent layers.
The AI reads only your tenant, cites its sources, and never trains on your data.
One platform. Many organizations. Zero overlap.
Every record in InCiteOS is stamped with your organization’s domain. Access is decided by a cryptographically-signed claim attached to your identity at sign-in — not by anything a user can type, request, or be talked into revealing. An identity carrying the claim for your-org.org can reach your-org.org data, and nothing else.
- Deny by default. Anything not explicitly permitted is refused — the rulebook’s final word is “no.”
- Immutable tenancy. A record’s organization can never be changed, so data can’t be “moved” into another customer’s space.
- Three independent layers. Isolation is enforced in the database rules, the storage rules, and again in server code — a single misconfiguration can’t expose you.
From a document to an insight — without leaving your tenant.
When you upload a file, it travels a fixed, tenant-scoped path. Every hop verifies the work belongs to your organization, and the AI keys that do the reading live in Google Secret Manager — never in your browser, never in our source code.
Every request re-proves who you are.
The most common way SaaS data leaks isn’t a broken firewall — it’s someone talking their way into another customer’s data. InCiteOS removes that path. Tenancy is bound to a signed token, not a support conversation, and even an organization’s own administrator has no route — in the product or the API — to another tenant.
- Server-trust, not client-trust. The backend re-derives your tenant from your signed token and ignores anything the client claims to be.
- One key spans tenants. Exactly one platform identity can switch organizations — set by allow-list, and every switch is recorded.
- Instant revocation. Compromised credentials are cut off immediately — active sessions are revoked, not waited out.
- Append-only audit. Sign-ins, uploads, exports, data writes, and every administrative action are logged — and the log survives even an account’s deletion.
- No look-alike orgs. Provisioning refuses a domain that already exists, blocking impersonation by a near-identical tenant.
Built end-to-end on Google Cloud.
InCiteOS runs entirely on Google Cloud Platform — the same SOC 2 / ISO 27001-certified infrastructure that secures Google’s own services. We don’t operate our own servers, so there’s no fleet to mis-patch or leave exposed.
Event-driven backend logic — no public servers to harden.
Multi-region, encrypted datastore with rule-enforced tenant isolation.
Tenant-scoped document vault; uploads access-controlled and size-capped.
API keys and credentials, isolated from code and from the browser.
Google’s OCR for scanned files — used only as a fallback.
Continuous platform observability and alerting.
Encrypted in transit with TLS 1.2+, and at rest with AES-256 — by default, everywhere.
The AI works for you — and only sees your tenant.
- Server-side only. The models run behind our backend; their keys are never exposed to your browser.
- No training on your data. Your documents and figures are never used to train public AI models.
- Web research is off by default. When an admin turns it on, it’s restricted to an admin-approved source list, and outbound queries are monitored for confidential figures.
- Grounded and cited. The AI is instructed to use only values present in your documents and to trace every claim back to its source.
Your data is yours. Export it anytime. Ask us to delete an account and we purge its records and files across the platform — while preserving the tamper-evident audit trail.
An append-only audit log records who did what, and when — across sign-ins, data changes, and administrative actions.
We inherit Google Cloud’s certified infrastructure today, with SOC 2 (Type I then II) and independent penetration testing on our roadmap.