Cernari cernari Book a demo
SECURITY OVERVIEW

Accountable by default.

Cernari is built for regulated, multi-system operations. Every answer is sourced and audited; every deployment can be hardened down to an air-gapped tenant.

Tenant model

  • SaaS Cloud · multi-tenant cluster, per-customer logical isolation, EU-resident by default.
  • Private Cloud · dedicated isolated tenant; per-customer database, compute, encryption keys; customer-chosen region (EU, UK, US, ME, APAC).
  • Sovereign / On-prem · customer-managed cluster; air-gapped option for regulated workloads; bring-your-own-LLM.

Data minimisation

Cernari does not duplicate the customer's data warehouse. It reads via the customer's authenticated semantic model, computes the answer, and stores only its own metadata: audit log, source citation, business glossary, governance state. Raw customer data does not leave the customer's foundation in the Dedicated and Sovereign tiers.

Identity + access

  • SSO (OIDC / SAML 2.0) — Microsoft Entra, Okta, Google, custom IdP.
  • SCIM provisioning for user lifecycle.
  • Role-based access control mapped to the customer's existing semantic-model roles.
  • Per-question authorization check at query time.

Auditability

  • Every question, answer, source citation and confidence score is logged with user identity.
  • Audit log is exportable to the customer's SIEM (Sentinel, Splunk, etc.).
  • Source citation includes system, table and last refresh timestamp — visible on every answer.
  • Confidence score is computed from data freshness, lineage depth and answer certainty.

Encryption

  • TLS 1.2+ in transit (TLS 1.3 preferred).
  • AES-256 at rest for Cernari-managed metadata.
  • Customer-managed keys (CMK) supported in Dedicated and Sovereign tiers.

Operational practice

  • Least-privilege production access; break-glass procedure for incident response.
  • Continuous backups for Cernari metadata; customer data backups remain in the customer's foundation.
  • Vulnerability scanning + dependency pinning on every release.
  • Incident response: customer notified within agreed contractual window (typically 24–72 h depending on tier).

Compliance posture

GDPR-aligned. DPA available on request. SOC 2 Type I targeted for the SaaS tier in 2026. Air-gapped Sovereign deployments fit public-sector and pharma-regulated workloads. Penetration testing on request before production go-live for enterprise customers.

Reporting a vulnerability

Please email [email protected]. We acknowledge within 24 h and coordinate responsible disclosure. We do not pursue good-faith researchers.