Security and sovereignty are not features. They're the foundation.

Your data does not train any external model. Ever.

Chordian Memory runs in your environment. No data is shared with Chordian's models or any third-party AI system for training purposes. Your institutional knowledge is yours.

We are GDPR compliant and building toward SOC 2 Type II certification. Our security architecture is designed to meet the requirements of regulated industries. Security questionnaires available on request.

Three deployment options — all private

• Chordian Cloud: isolated per-tenant, EU and US regions, GDPR compliant · Security-first architecture
• Private Cloud (BYOC): your AWS, GCP, or Azure account, data never leaves your VPC
• On-Premises: your data centre, full air-gap available for regulated workloads

See deployment options on Chordian Memory.

Compliance

• GDPR compliant
• SOC 2 Type II certification in progress — do not treat as certified until complete
• HIPAA-ready
• Custom compliance packages for financial services, healthcare, and government

Access controls

• SSO (SAML 2.0, OIDC) on all Enterprise plans
• Role-based access control per Memory Vault
• Full audit trail: every query, every access, every retrieval — logged and exportable
• Data retention policies configurable per deployment

Contact for security questions: oliver.spring@chordian.ai