Trust &
security controls
We are small on purpose and direct about boundaries. Verify runs through a scoped review workflow for the files you share. Horizon can run inside your own environment when you need continuous monitoring. This page shows what we handle, what you control, and how responsibilities change by deployment model.
Files arrive only for the agreed forensic review scope.
Managed reviews use access-controlled workflows and documented retention.
Continuous monitoring can run inside your own environment.
Deployment, deletion, and support terms are agreed in advance.
Need a security review?
If you have a customer questionnaire, send it over. We'll answer directly, flag what depends on deployment model, and avoid compliance theatre.
Request a review →Security Architecture
Oxaide supports two practical operating modes: a managed review workflow for Verify, and customer-controlled deployment for Horizon. The exact controls depend on which mode you buy, so we document them that way instead of pretending every workflow is identical.
Encryption in Transit
All data transmitted between your device and our servers is encrypted using industry-standard TLS 1.3.
Encryption at Rest
Managed storage uses encryption at rest through the underlying hosted infrastructure.
Data Isolation
Customer materials are handled in separate workspaces and only for the agreed review or deployment scope.
Zero-Trust Access
Administrative access follows least-privilege principles and restricted operational workflows.
Continuous Backups
Managed data services use regular backups and recovery controls appropriate to the deployment model.
Infrastructure Monitoring
Managed systems use automated monitoring and alerting for service health and operational anomalies.
Compliance & Privacy
Data Custody Commitment
For Verify engagements, customer data is handled only for the agreed review deliverable. For Horizon deployments, telemetry can remain entirely inside customer-controlled infrastructure.
Practical privacy support
We support customer privacy and security reviews with deployment-specific answers. If you need a DPA, deletion terms, or a customer-controlled deployment path, we scope it directly.
- Data deletion workflow available on request
- Data export support for customer materials
- Data Processing Addendum available where appropriate
- Security review support for regulated operating environments
- Can support customer IM8 or internal security review processes with the right deployment model and documentation.
Sub-processors
We keep the managed stack small. These providers may appear in managed workflows. On-premise Horizon deployments can reduce or remove several of them.
| Provider | Purpose | Managed Workflow | Customer-Controlled Deployment |
|---|---|---|---|
| Microsoft Azure | Managed compute | Configured per engagement | Customer-controlled instance or agreed private deployment |
| Supabase / AWS | Database | Used only where the workflow requires managed storage | Local or customer-controlled storage path where required |
| Ollama / Local | Local Agent Inference | N/A | Client premises when local inference is required |
| Cloudflare | Edge delivery & protection | Configured only where needed for managed delivery | Direct or edge-protected path, depending on customer architecture |
Availability & SLA
Status-first
Support expectations
Managed workflows are monitored and enterprise deployments can include agreed response windows. For on-premise systems, availability is shared with the customer environment and hardware stack.
Managed SLAs are scoped in contract. On-premise deployments depend partly on customer infrastructure, networking, and hardware operations.