Own The Climb
Security at Own The Climb

Your data stays yours.

Protected in code, not in promises.

Encryption everywhere, access that expires, and AI that never trains on your data, enforced by the system itself and proven on request.

  • Encryption at rest: AES-256
  • In transit: TLS 1.2+
  • Data retention: Zero
  • Hardware key-backed MFA

  • Encryption everywhere
  • Zero data retention
  • Hardware-key access
  • Isolated deployment options
  • Static analysis on every change
  • 72-hour breach notification

How your data is handled

Your data never trains anyone's models.

For AI work, we run inference on BAA and enterprise model tiers (Vertex AI, AWS Bedrock, OpenAI's BAA tier) that do not retain or train on your data. Your information is processed for the task and nothing is persisted to model infrastructure. PHI never reaches a model without an executed BAA, and network egress to any non-BAA destination is blocked at the application layer.

No training

We run inference on BAA and enterprise model tiers that are contractually barred from training on your data. Your prompts and your records never become someone else's training set. The terms are written into the model contract, not assumed.

No retention

Your data is processed in memory for the duration of the task, then it is gone. Nothing is persisted to model infrastructure: no prompt logs, no embeddings cache, no retained copy on the provider side. There is no quiet store for it to leak from later.

No non-BAA path

Network egress to any destination without an executed BAA is blocked at the application layer, in code. PHI cannot reach a model that has not signed for it. The boundary is enforced by the system, not left to a person to remember.
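One way an application-layer egress allowlist of this kind can be written, as an added example that is not Own The Climb's code. The host name is a constructed placeholder, and `checkEgress` and `guardedFetch` are hypothetical names.

```typescript
// Added example: not Own The Climb's code. The host name is a constructed
// placeholder standing in for an endpoint covered by an executed BAA.
const BAA_HOSTS: ReadonlySet<string> = new Set(["inference.baa-provider.example"]);

interface EgressDecision {
  allowed: boolean;
  reason: string;
}

const deny = (reason: string): EgressDecision => ({ allowed: false, reason });

// Default-deny: every branch refuses except the exact-match one at the end.
function checkEgress(rawUrl: string): EgressDecision {
  let url: URL;
  try {
    url = new URL(rawUrl);
  } catch {
    return deny("unparseable URL");
  }
  if (url.protocol !== "https:") return deny("scheme is not https");
  // "https://allowed-host@other-host/" parses with other-host as the host.
  if (url.username !== "" || url.password !== "") return deny("userinfo present");
  if (url.port !== "") return deny("non-default port");
  // Exact match on the parsed host: no suffix or substring comparison.
  if (!BAA_HOSTS.has(url.hostname)) return deny("host has no executed BAA");
  return { allowed: true, reason: "host on BAA allowlist" };
}

// Hypothetical single entry point for outbound HTTP in the application.
async function guardedFetch(rawUrl: string, init: RequestInit = {}): Promise<Response> {
  const decision = checkEgress(rawUrl);
  if (!decision.allowed) {
    throw new Error(`egress blocked: ${decision.reason}`);
  }
  // Refuse redirects: an allowed host must not bounce the request elsewhere.
  return fetch(rawUrl, { ...init, redirect: "error" });
}
```

The guard only holds if no caller can reach `fetch` or a raw socket directly, which is what a lint or CI rule on outbound calls would need to enforce.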

Access control

Access that has to be earned, and expires.

Hardware-backed MFA on every administrator and engineer account. No SMS codes, no shared logins. Production access is requested per task, scoped to the smallest necessary surface, granted for a fixed window, and revoked when the work is done. Every grant is logged with who, what, why, and for how long.

Identity

  • Hardware-backed MFA on every administrator and engineer account
  • No SMS codes, no shared logins, no password-only access
  • Phishing-resistant security keys for engagements that require it

Authorization

  • Role-based access control enforced at the application layer
  • Postgres Row-Level Security enforced again at the database
  • The same permission check fires in two places by design, so one missed guard cannot expose data

Just-in-time

  • Production access is requested per task, never standing
  • Each grant is scoped to the smallest necessary surface
  • Access expires on a fixed window and every action is logged with who, what, and why

Lifecycle

  • Quarterly access reviews remove anything no longer needed
  • Onboarding and offboarding follow a documented checklist
  • Departed personnel lose all access the same business day

Architecture and isolation

Run it your way. Cloud, your private network, or fully isolated.

Tenant isolation is enforced at the database with Postgres Row-Level Security. Where an engagement requires it, we deploy into your private VPC or a fully isolated, network-restricted environment. You choose where your data lives. We pin the region in code and verify it at deploy time.

Cloud

  • Data residency: Mainland-US regions, region pinned in code
  • OTC access level: Scoped, time-bounded, logged
  • Zero data retention: Available
  • Network egress: Allowlist at the application layer

Code-enforced controls

Controls enforced by the code itself.

Policy without enforcement is just a document. Our controls are written into working software: a static-analysis gate runs on every pull request, a build cannot proceed if a control regresses, and the runtime is default-deny. A forgotten sensitive field has no path out.

01 Pre-merge

A static-analysis rule blocks the pull request if a new code path writes a field that is not on the allowlist. The author sees it in code review, before anything ships.

02 Build-time

The same rule runs in continuous integration. A build cannot proceed if a control regresses, so a broken guard never reaches an environment.

03 Runtime

The serializer is default-deny. Unknown fields are dropped, not silently forwarded, so a field nobody anticipated still has no path out.

// outbound/scrub.ts — every event leaving the process
// passes through this allowlist serializer first.

type OutboundEvent = Record<string, unknown>;

// Fields permitted to leave. Everything else is dropped.
const ALLOWED: ReadonlySet<string> = new Set([
  "event_id", "event_type", "occurred_at",
  "tenant_id", "actor_role", "resource_kind",
]);

export function scrub(event: OutboundEvent): OutboundEvent {
  return Object.fromEntries(
    Object.entries(event).filter(
      ([key]) => ALLOWED.has(key),
    ),
  );
}

// CI rule: emitters that bypass scrub() fail the build.
// A new field is invisible until it is allowlisted here.

Single source of truth

The allowlist is the source of truth. A field is invisible to the outside world until someone adds it on purpose and a reviewer signs off.

Three layers, one rule

The same rule runs at three layers, so no single missed review can let sensitive data slip out unnoticed.

Safe by default

Default-deny means the failure mode is safe. When something unexpected appears, the system drops it rather than leaking it.
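A key-only allowlist forwards whatever value sits under an allowed key, including a nested object. The added example below (not Own The Climb's code) extends the default-deny idea to values and reports which keys were dropped. The field names come from the page's ALLOWED set, while the validators, `scrubStrict` and the sample event are assumptions constructed for illustration.

```typescript
// Added example: not Own The Climb's code. Field names are the page's ALLOWED
// set; the validators and the `dropped` report are assumptions.
type OutboundEvent = Record<string, unknown>;
type Validator = (value: unknown) => boolean;

const isToken: Validator = (v) =>
  typeof v === "string" && /^[A-Za-z0-9_.:-]{1,64}$/.test(v);
const isUtcTimestamp: Validator = (v) =>
  typeof v === "string" && /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z$/.test(v);

// Key -> value check. A Map, so inherited names ("constructor") never match.
const ALLOWED_FIELDS = new Map<string, Validator>([
  ["event_id", isToken],
  ["event_type", isToken],
  ["occurred_at", isUtcTimestamp],
  ["tenant_id", isToken],
  ["actor_role", isToken],
  ["resource_kind", isToken],
]);

interface ScrubResult {
  event: OutboundEvent;
  dropped: string[]; // key names only; values may be the sensitive part
}

function scrubStrict(input: OutboundEvent): ScrubResult {
  const event: OutboundEvent = {};
  const dropped: string[] = [];
  for (const [key, value] of Object.entries(input)) {
    const check = ALLOWED_FIELDS.get(key);
    if (check !== undefined && check(value)) {
      event[key] = value;
    } else {
      dropped.push(key);
    }
  }
  return { event, dropped };
}

// Constructed sample: one unknown key, one allowed key carrying a nested object.
const SAMPLE_EVENT: OutboundEvent = {
  event_id: "evt_0001",
  event_type: "record.viewed",
  occurred_at: "2024-01-01T00:00:00Z",
  tenant_id: "tenant_a",
  actor_role: { role: "clinician", patient_name: "Constructed Name" },
  patient_dob: "1970-01-01",
};
const SAMPLE_RESULT = scrubStrict(SAMPLE_EVENT);
```

Counting the `dropped` names in metrics gives a signal when an emitter starts producing a field nobody allowlisted, without logging the value itself.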

Vulnerability management

We look for the weaknesses first.

Every pull request runs static analysis before it can merge. Every production deploy triggers dynamic scanning, and critical findings block the release. For engagements that require it, we commission independent third-party penetration tests, track every finding to closure with date evidence, and re-test the critical ones.

Static analysis

  • Semgrep runs on every pull request, before any code merges
  • A finding can block the merge until it is resolved or explicitly accepted
  • Rules encode our own control policy, not just generic checks, so our specific guardrails are enforced

Dynamic scanning

  • Nuclei DAST runs against every production deploy
  • Critical findings block the release rather than ship and wait
  • The application is re-scanned on the next deploy, so a fix is confirmed in place

Penetration testing

  • For engagements that require it, we commission independent third-party tests
  • Every finding is tracked to closure with date evidence, not just noted
  • Critical findings are re-tested after remediation to confirm they are actually closed

Found a vulnerability? We want to know.

Report it to security@owntheclimb.com. Our disclosure policy and contact are published at /.well-known/security.txt.

No-pressure security review

Reviewing us for a security-sensitive build?

Bring your security team. We will walk your architecture, share our control documentation, and answer the questionnaire directly. You own all code, data, and models from the first commit.

Architecture walkthrough
Control documentation
You own everything
