1. Home
  2. /
  3. Trust
Trust · Security · Governance

The fastest way to kill a retail AI deal:
an agent with write access and no audit trail.

Ward starts read-only, runs on policy, and logs every query. Architecture, MSA, DPA, SOC 2 report, and certificate of insurance are on the table before you sign.

Book a security review See available documents
01
Architecture stance

Read-only by default.
Writes need a named human.

Ward queries your warehouse, POS, and ERP with read-only credentials. Anything that writes (exports, write-backs, schedule pushes) gates on sign-off from a role you define, logged with the approver’s name.

SOC 2 IIIn progress · Type I now
TLS 1.3In transit
AES-256At rest
Read-onlyBy default
Read-only credentials, Cedar policies
Service accounts are scoped to SELECT on the schemas you whitelist, no INSERT/UPDATE/DELETE, confirmable in your warehouse audit log. Every agent runs under a Cedar policy, versioned in Git, peer-reviewed, and signed. Not in the repo means not in production.
Every query inspectable
Click any number on the page. See which agent ran, which sources, which SQL, which model. Hand it to compliance without a forensics project.
02
Policy plane

Policy as code.
Not click-admin drift.

The policy plane, kill switch, and audit trail your team would build with a free quarter. Enterprise-grade governance, no enterprise team required.

policies/finance-agent.cedar v3 · signed 
// Finance Agent: read-only on warehouse.finance,
// no PII, region-scoped, writes require approval.

permit (
  principal in Role::"FinanceAgent",
  action    in [Action::"read", Action::"summarize"],
  resource  in Source::"warehouse.finance"
)
when {
  resource.classification != "pii"
  && context.region        == principal.region
  && context.budget.tokens > 1000
};

forbid (
  principal,
  action == Action::"write",
  resource
)
unless {
  context.approval.status   == "granted"
  && context.approval.approver in Role::"FinanceLead"
};
Policies live in your repo. Versioned, reviewed, signed.
  • Policy as code, visualized
    Cedar policies live in your Git. Versioned, peer-reviewed, signed. The console renders every rule as a graph: agent, action, source, condition. Your IT team reads policy without reading Cedar.
  • Scoped per role, tenant, resource
    Finance Agent cannot see labor schedules. Vendor Agent cannot touch shrinkage. US tenant cannot query EU tables. Least-privilege, machine-enforced.
  • Classifications drive access
    Tag a column pii, financial, or operational once. Every agent, every query inherits the rule. No copies of the policy to keep in sync.
  • Who changed what, on the record
    Every charter edit, prompt change, and policy update is logged with name, time, ticket, and approver. Diff two versions side by side. Roll back in one click. Export to your SIEM.
  • Writes need a named human
    Read-only by default. Exports, write-backs, schedule pushes. Anything that mutates state gates on approval from a role you define. Logged with the approver’s identity.
  • Audit any number on the page
    Click a forecast, a margin call, a shrinkage flag. Ward shows the SQL, the source tables, the model, the parameters, and the backtest. Procurement stops asking how the number was made.
Pause & audit log
One toggle freezes every agent across every tenant. It resumes clean and nothing replays. Every prompt, query, model call, charter edit, and answer streams to your SIEM the moment it happens.
Kill switch · JSONL · Splunk · Datadog
Region, tenancy & keys
US stays US. EU stays EU. Single-tenant in your AWS or Azure account on request. Keys are KMS or HSM-backed, so you rotate, revoke, and hold the receipts. Ward never sees the key material.
VPC · data residency · BYOK · CMK · envelope
Insurance & model cards
Cyber and tech E&O on file with an AI rider, and a certificate of insurance to your procurement team in a day. Every number carries a model card: ARIMA, Holt-Winters, Bayesian hierarchical, gradient-boosted residuals, with the forecast, the MAPE, and the backtest.
Cyber · tech E&O · AI · forecasts your planners trust
03
Data handling

Your data, your keys, your region.

Ward processes your data only to deliver the service. Nothing trains a public model. Nothing leaves your region without a contract that allows it.

Encryption in transit & at rest

TLS 1.3 in transit. AES-256 at rest. Key material in AWS KMS or your HSM.

SSO / SAML & SCIM

SAML 2.0 single sign-on against your IdP. SCIM provisioning and de-provisioning, so access follows the org chart.

Role-based access (RBAC)

Least-privilege roles per agent, tenant, and resource. Finance can’t see labor; US can’t query EU tables.

Immutable audit trail

Every prompt, query, model call, and approval is logged with name, time, and ticket. Streams to your SIEM.

Customer-managed keys

CMK on request, KMS or HSM-backed with envelope encryption. You rotate, revoke, and hold the receipts; Ward never sees the key material.

VPC & PrivateLink

Single-tenant inside your AWS or Azure account via VPC peering or PrivateLink. Your network, your account, your boundary.

Data residency

Region pins at the tenant level: us-east-1 / us-west for US, Frankfurt and Dublin for EU, Tokyo for Japan.

Retention, deletion & sub-processors

Configurable retention per data class. Hard delete in 30 days post-termination, wipe logged. Full sub-processor list below.

Customer data is never used to train a public foundation model — tenant-scoped fine-tunes only, opt-in by contract.

04
Compliance & certifications

Where we are, and where we’re going.

Status, not aspiration: what’s in place, what’s in flight, and when each item lands. Need something before signing? Ask, and we’ll send it or tell you when.

SOC 2 Type II In progress
Audit window opened with a Big Four-adjacent firm. Type I letter available now. Type II report expected Q3 2026. Bridge letter on request.
GDPR Ready
DPA available. Standard Contractual Clauses for EU transfers. Data residency in Frankfurt or Dublin for EU tenants. DPO contact in the DPA.
CCPA / CPRA Ready
California consumer rights honored under the DPA. Data subject access, deletion, and opt-out workflows documented.
ISO 27001 2027 roadmap
Controls in place today. Formal certification scheduled after SOC 2 Type II lands. Available on request for enterprise contracts.
Pen testing Annual
Third-party penetration test annually. Latest summary letter available under NDA. Critical findings remediated within 30 days, all findings within 90.
HIPAA On request
BAA available for pharmacy retailers handling PHI. Single-tenant deployment recommended for HIPAA workloads.
05
Sub-processors & review

Every vendor that touches your data.

Listed below. Change one and we email you 30 days ahead, with an objection window per the DPA. Here’s how a security review runs, end to end:

01
Review

Architecture packet, MSA, DPA, and pre-filled questionnaire (CAIQ, SIG Lite) to your team in a business day.

02
Scope

Pick the boundary: multi-tenant SaaS, single-tenant VPC, or PrivateLink in your own account.

03
Connect

Read-only credentials, scoped to the schemas you whitelist. No write access until you grant it.

04
Govern

Cedar policies signed in your repo. Every query and approval streams to your SIEM, on the record.

Vendor Purpose Region Data class
AWSHosting, storage, KMSUS, EU, JPAll
AnthropicLLM inference (no training)USOperational only
OpenAILLM inference (no training)USOperational only
Google Vertex AILLM inference (no training)US, EUOperational only
DatadogApplication monitoringUSLogs, metrics
StripeBillingUSBilling only

Single-tenant deployments can exclude any third-party LLM. Self-hosted open-weight models supported on request.

06
Insurance & incident response

Coverage on file.
Response on the clock.

Cyber liability & tech E&O

Cyber liability and tech E&O coverage in force, with an AI rider for errors in model output. Carrier name and certificate of insurance to your procurement team within one business day.

  • Cyber liability with breach response
  • Tech E&O with AI/ML rider
  • Additional insured endorsement on request
  • COI delivered via email or vendor portal
Incident response

Documented runbook. Customer notification SLA per the DPA. Post-incident report with root cause and corrective action.

  • Detection: 24/7 SIEM alerting
  • Triage: on-call within 15 minutes
  • Notification: 72 hours per DPA
  • Postmortem: within 14 days
07
Documents

On the table before you sign.

Architecture diagrams, contracts, audit letters, insurance certificates. Most arrive within a business day; the few under NDA need a one-page MNDA first.

Architecture review packet
Network diagram, data flow, agent topology
MSA & Order Form
Standard or your paper, redline-friendly
Data Processing Addendum
GDPR, CCPA, SCCs, sub-processor list
SOC 2 Type II report
Type I now · Type II Q3 2026 · under NDA
Penetration test summary
Annual third-party test · under NDA
Certificate of insurance
Cyber, tech E&O, AI rider
Business Associate Agreement
HIPAA-covered tenants
Security questionnaire
CAIQ, SIG Lite, custom. Pre-filled.
08
Disclosure & contact

Found something? Tell us.

Coordinated disclosure. We respond within one business day, triage within three, and credit researchers in the changelog when the fix ships.

Security disclosure
security@getward.ai
Procurement & legal
legal@getward.ai
Book a security review See the architecture →

Your security review starts with a short list of questions.

Architecture, MSA, DPA, SOC 2 letter, COI. On the table before you sign.

Get a demo
Get started

Find out what your data has been hiding.

Tell us about your operation. We’ll show you the problems Ward catches, and the ones your current tools miss.

Step 1 of 3
What are your goals?
Step 2 of 3
About your operation
Step 3 of 3
Your contact info