1. Home
  2. /
  3. Trust
Trust · Security · Governance

The fastest way to kill a retail AI deal:
an agent with write access and no audit trail.

Ward starts read-only, runs on policy, and logs every query. Your security review is short. Your data team isn’t on the hook. Architecture, MSA, DPA, SOC 2 II report, and certificate of insurance. On the table before you sign.

Book a security review See available documents
01
Architecture stance

Read-only by default.
Writes need a named human.

Ward queries your warehouse, POS, and ERP with read-only credentials. Agents can’t mutate the data they reason over. Anything that mutates state gates on approval from a role you define. Exports, write-backs, schedule pushes. The approver’s identity is on every record.

Read-only credentials
Service accounts are scoped to SELECT on the schemas you whitelist. No INSERT, no UPDATE, no DELETE. Confirm in your warehouse audit log.
Cedar policies, in your repo
Every agent runs under a Cedar policy. Versioned in Git, peer-reviewed, signed. If it’s not in the repo, it’s not in production.
Every query inspectable
Click any number on the page. See which agent ran, which sources, which SQL, which model. Hand it to compliance without a forensics project.
02
Policy plane

Policy as code.
Not click-admin drift.

Ward gives you the policy plane, the kill switch, and the audit trail your team would build for itself if it had a quarter to do it. AWS-grade governance, without the AWS-grade team. Visualized in a console your IT lead can hand to procurement.

policies/finance-agent.cedar v3 · signed 
// Finance Agent: read-only on warehouse.finance,
// no PII, region-scoped, writes require approval.

permit (
  principal in Role::"FinanceAgent",
  action    in [Action::"read", Action::"summarize"],
  resource  in Source::"warehouse.finance"
)
when {
  resource.classification != "pii"
  && context.region        == principal.region
  && context.budget.tokens > 1000
};

forbid (
  principal,
  action == Action::"write",
  resource
)
unless {
  context.approval.status   == "granted"
  && context.approval.approver in Role::"FinanceLead"
};
Policies live in your repo. Versioned, reviewed, signed.
  • Policy as code, visualized
    Cedar policies live in your Git. Versioned, peer-reviewed, signed. The console renders every rule as a graph: agent, action, source, condition. Your IT team reads policy without reading Cedar.
  • Scoped per role, tenant, resource
    Finance Agent cannot see labor schedules. Vendor Agent cannot touch shrinkage. US tenant cannot query EU tables. Least-privilege, machine-enforced.
  • Classifications drive access
    Tag a column pii, financial, or operational once. Every agent, every query inherits the rule. No copies of the policy to keep in sync.
  • Who changed what, on the record
    Every charter edit, prompt change, and policy update is logged with name, time, ticket, and approver. Diff two versions side by side. Roll back in one click. Export to your SIEM.
  • Writes need a named human
    Read-only by default. Exports, write-backs, schedule pushes. Anything that mutates state gates on approval from a role you define. Logged with the approver’s identity.
  • Audit any number on the page
    Click a forecast, a margin call, a shrinkage flag. Ward shows the SQL, the source tables, the model, the parameters, and the backtest. Procurement stops asking how the number was made.
Pause
One toggle freezes every agent across every tenant. Resumes clean. Nothing replays.
Kill switch · instant
Audit log
Every prompt, query, model call, charter edit, and answer. Streamed to your SIEM the moment it happens.
JSONL · Splunk · Datadog
Region & tenancy
US stays US. EU stays EU. Single-tenant in your AWS or Azure account on request.
VPC · data residency
Customer-managed keys
KMS or HSM-backed. Rotate, revoke, hold the receipts. Ward never sees the key material.
BYOK · CMK · envelope
Cyber liability policy
Cyber and tech E&O on file with an AI rider. Certificate of insurance to your procurement team in a day.
Cyber · tech E&O · AI
Model card on every number
ARIMA, Holt-Winters, Bayesian hierarchical, gradient-boosted residuals. The forecast, the MAPE, the backtest, on the card.
Forecasts your planners trust
03
Data handling

Your data, your keys, your region.

Customer Data is yours. Ward processes it under a limited license to deliver the service, and only that. Nothing trains a public model. Nothing leaves your region without a contract that says it can.

Encryption
TLS 1.3 in transit. AES-256 at rest. Key material in AWS KMS or your HSM. Customer-managed keys on request.
TLS 1.3 · AES-256 · KMS
Data residency
US-East and US-West for US tenants. Frankfurt and Dublin for EU tenants. Tokyo for Japan. Region pinned at the tenant level.
us-east-1 · eu-west-1 · ap-northeast-1
No public-model training
Customer Data is never used to train a public foundation model. Tenant-scoped fine-tunes only, opt-in by contract.
Contractual · tenant-scoped
Single-tenant on request
Deploy Ward inside your AWS or Azure account via VPC peering or PrivateLink. Your network, your account, your boundary.
VPC · PrivateLink · AWS · Azure
Retention & deletion
Configurable retention windows per data class. Hard delete in 30 days post-termination, with audit log of the wipe.
Configurable · auditable
Sub-processor transparency
Every sub-processor (LLM providers, hosting, observability) is listed below with the data class it touches and the contract that governs it.
Listed · contracted · current
04
Compliance & certifications

Where we are, and where we’re going.

Status, not aspiration. We tell you what’s in place today, what’s in flight, and when we expect each item to land. If you need something on this list before signing, ask. We’ll either send it or tell you when we can.

SOC 2 Type II In progress
Audit window opened with a Big Four-adjacent firm. Type I letter available now. Type II report expected Q3 2026. Bridge letter on request.
GDPR Ready
DPA available. Standard Contractual Clauses for EU transfers. Data residency in Frankfurt or Dublin for EU tenants. DPO contact in the DPA.
CCPA / CPRA Ready
California consumer rights honored under the DPA. Data subject access, deletion, and opt-out workflows documented.
ISO 27001 2027 roadmap
Controls in place today. Formal certification scheduled after SOC 2 Type II lands. Available on request for enterprise contracts.
Pen testing Annual
Third-party penetration test annually. Latest summary letter available under NDA. Critical findings remediated within 30 days, all findings within 90.
HIPAA On request
BAA available for pharmacy retailers handling PHI. Single-tenant deployment recommended for HIPAA workloads.
05
Sub-processors

Every vendor that touches your data.

Listed below. If a sub-processor changes, we notify by email 30 days before the change takes effect, with an objection window per the DPA.

Vendor Purpose Region Data class
AWSHosting, storage, KMSUS, EU, JPAll
AnthropicLLM inference (no training)USOperational only
OpenAILLM inference (no training)USOperational only
Google Vertex AILLM inference (no training)US, EUOperational only
DatadogApplication monitoringUSLogs, metrics
StripeBillingUSBilling only

Single-tenant deployments can exclude any third-party LLM. Self-hosted open-weight models supported on request.

06
Insurance & incident response

Coverage on file.
Response on the clock.

Cyber liability & tech E&O

Cyber liability and technology errors & omissions coverage in force, with an AI rider that covers errors in model output. Carrier name and certificate of insurance available to your procurement team within one business day.

  • Cyber liability with breach response
  • Tech E&O with AI/ML rider
  • Additional insured endorsement on request
  • COI delivered via email or vendor portal
Incident response

Documented runbook. Customer notification SLA per the DPA. Post-incident report with root cause and corrective action.

  • Detection: 24/7 SIEM alerting
  • Triage: on-call within 15 minutes
  • Notification: 72 hours per DPA
  • Postmortem: within 14 days
07
Documents

On the table before you sign.

Architecture diagrams, contracts, audit letters, insurance certificates. Most arrive within a business day. The few under NDA arrive after a one-page MNDA.

Architecture review packet
Network diagram, data flow, agent topology
MSA & Order Form
Standard or your paper, redline-friendly
Data Processing Addendum
GDPR, CCPA, SCCs, sub-processor list
SOC 2 Type II report
Type I now · Type II Q3 2026 · under NDA
Penetration test summary
Annual third-party test · under NDA
Certificate of insurance
Cyber, tech E&O, AI rider
Business Associate Agreement
HIPAA-covered tenants
Security questionnaire
CAIQ, SIG Lite, custom. Pre-filled.
08
Disclosure & contact

Found something? Tell us.

Coordinated disclosure. We respond within one business day, triage within three, and credit researchers in the changelog when fixes ship.

Security disclosure
security@getward.ai
Procurement & legal
legal@getward.ai
Book a security review See the architecture →

Your security review starts with a short list of questions.

Architecture, MSA, DPA, SOC 2 letter, COI. On the table before you sign.

Get a demo
Get started

Find out what your data has been hiding.

Tell us about your operation. We’ll show you the problems Ward catches — and the ones your current tools miss.

Step 1 of 3
What are your goals?
Step 2 of 3
About your operation
Step 3 of 3
Your contact info