Onboarding a limited number of private deployments this quarter. Request access →

Trust Center

Built to pass your security review.

Everything your security and procurement teams need to evaluate Calliope AI — in one place. The short version: Calliope AI runs inside your own cloud, so your data never enters ours. You're not inheriting our security posture — you're keeping your own.

The model

Your perimeter is your compliance boundary.

Most AI vendors ask you to send your data to their cloud, then ask you to trust their controls. That's the question your security team can never get comfortable with — and the reason most AI tools die in review.

Calliope AI inverts it. The whole platform deploys inside your own cloud account, network and region. Your code, prompts and data never leave the SOC 2 / HIPAA boundary you already operate. So the answer to "where does our data go?" is "nowhere it doesn't already go."

  • No data egress — nothing is sent to Calliope AI to run. Compute and storage stay in your account.
  • Single-tenant — your deployment is yours alone. No shared infrastructure, no other tenant to be separated from.
  • Your keys, your models — bring your own model provider keys, or run fully local. We never see them.
  • Your controls apply — your IAM, your VPC, your logging, your existing audits. You don't adopt ours; you extend yours.
See the security architecture →

Compliance status

Where each framework stands — honestly.

Because Calliope AI runs inside your boundary, your existing certifications cover the data. Separately, we map our own controls to the frameworks your auditors care about, and are pursuing formal attestations. No overstatement — here's exactly where each one is:

FrameworkStatusWhat it means for you
SOC 2 Type IIIn progressAttestation covering security, availability & confidentiality; audit underway. Controls operating today; report on completion.
HIPAAIn progress · BAA on requestDeploys inside your HIPAA boundary, so PHI never leaves it — a HIPAA-obligated team can run it without Calliope holding the cert. BAA available.
GDPRAlignedDPA available; in-region / EU deployment options for data-residency requirements.
EU AI Act & NIST AI RMFMappedGovernance controls (Zentinelle) map to the AI-specific obligations — logging, attribution, policy enforcement, evidence.
ISO 27001RoadmapPlanned; controls already align to the Annex A domains.
PCI DSSRoadmapNot currently certified; deployable inside your PCI-scoped environment under your controls.
FedRAMPEvaluatingOn-prem / air-gapped / GovCloud deployment available today for public-sector isolation requirements.
Full compliance detail →

Bring us into your security review.

Send us your questionnaire, or book a call with someone who can answer it. We've been the skeptical security team — we know what you need to greenlight this.

Enterprises are scaling AI agents, data science, private LLMs and secure ML with Calliope AI

Self-host enterprise AI in days.

Stop choosing between moving fast and staying in control.

See how it works →