NEW: New Research: AI Agents and Algorithmic Redlining
Read Now
Trust & Security
Security isn't a feature we bolt on — it's the architecture we build from. Every layer of the Trinitite platform is designed with defense-in-depth to protect your data, enforce compliance, and provide cryptographic proof of governance.
Governance
Trinitite is built on Hexagonal Architecture (Ports and Adapters), a design pattern that enforces security principles structurally rather than as an afterthought. Every security boundary is defined as a formal interface — authentication, database access, logging, and secrets management are all isolated, injectable, and independently verifiable.
Our security policies are based on the following foundational principles:
01
Access is limited to only those with a legitimate business need, granted on the principle of least privilege. Every API key carries scopes, every user carries only the roles they need.
02
Security controls are layered according to defense-in-depth — enforced simultaneously at the application layer, the database layer, and the infrastructure layer. If any single layer is compromised, the others maintain protection.
03
Controls are applied consistently across all areas of the platform, enforced structurally through the architecture. External systems — databases, identity providers, log sinks — can be replaced without touching core security logic.
04
All security controls are deployment-agnostic — present whether the system is self-hosted in your data center, running in a private cloud, or operating in a hybrid configuration. No security control depends on a specific vendor or infrastructure provider.
Compliance
Trinitite's security controls are designed to satisfy the technical requirements of major compliance frameworks from day one.
SOC 2 Type II
Controls Implemented
Logical access controls, immutable audit logging, cryptographic integrity, encryption at rest and in transit, disaster recovery with tested RTOs.
GDPR
Compliant
Data minimization, right-to-erasure compatibility, per-organization data residency enforcement, consent verification, and data portability.
HIPAA
Compliant
Role-based access controls, MFA enforcement, immutable audit trails with hash chain verification, TLS transmission security for all connections.
FedRAMP
Aligned
Multi-factor authentication, configurable session management, password complexity enforcement, comprehensive audit trails.
Data Sovereignty
Trinitite is a self-hosted platform by design. The entire system — the Control Plane, the Inference Service, and the Training Service — runs inside your own infrastructure. This has direct security implications that most SaaS governance platforms cannot match:
All governance logs, AI inference results, and user data live exclusively in your database, behind your firewall
No Trinitite employee or system has access to your data — there is no telemetry, no phone-home, and no external data egress
You control the encryption keys, the database, the network policies, and the backup schedule
Deployment Modes
Full Self-Hosted
All services on-premises or in your private cloud
100% on-premises
Hybrid
Control Plane on-premises with optional managed AI services
Customer controls all data
Managed (Planned)
Full managed offering with regional deployment
Region-specific, encrypted
Data Protection
Data at Rest
API keys are cryptographically hashed before storage — the raw key is shown only once at creation and cannot be recovered
User passwords are hashed with bcrypt using automatic salting; plaintext passwords are never written to any storage layer or log
Session tokens and verification tokens are hashed before database storage, time-limited, and single-use
MFA secrets are stored encrypted; backup codes are individually hashed and consumed upon use
Every tenant-facing row carries organization-level scoping for complete data isolation
Data in Transit
TLS encryption for all external-facing connections
Database connections support TLS/SSL encryption in all deployment modes
Internal service-to-service communication operates over private network channels within the deployment perimeter
HSTS and modern cipher suites enforced where applicable
Secret Management
Dedicated secrets management abstraction supporting multiple production backends
Production adapters for AWS Secrets Manager, Azure Key Vault, and HashiCorp Vault
Secrets are never hardcoded — injected via container orchestrator or retrieved from a dedicated secrets manager at startup
Encryption keys managed through customer-controlled key management systems
Cryptographic Integrity
Every governance decision logged by the platform produces a cryptographic State Tuple — a deterministic, fully-specified snapshot of the decision including the timestamp, identifiers, conversation input, governance outcome, and a hash of the active policy that produced the decision.
Each State Tuple is SHA-256 hashed and linked to the previous entry in a Merkle chain construction — identical in structure to a blockchain. This makes the audit trail mathematically tamper-evident.
Tamper Detection
Modifying any single log entry — even one field — invalidates its hash and breaks every chain hash that follows. The break is detectable by recomputing the chain.
Non-Repudiation
A verified chain proves that governance decisions occurred exactly as recorded, in exactly that order, with exactly that policy active at the time.
Deterministic Replay
Because the full state tuple is stored, any governance decision can be replayed and verified against the original log for forensic audit or regulatory review.
Chain Verification
An automated verification function walks the entire chain for an organization, recomputes every hash, and reports the exact index of any tampered entry.
a3f7c2
prev: NULL
Genesis
8b01d9
prev: a3f7c2
Entry 2
e4f529
prev: 8b01d9
Entry 3
7c3a1b
prev: e4f529
Entry N
SHA-256 HASH CHAIN — MERKLE CHAIN CONSTRUCTION
Immutability
Beyond the cryptographic hash chain, audit log tables are enforced as immutable at the database level — a separate, independent control that operates even if the application layer is compromised.
Database triggers unconditionally block any attempt to update or delete protected records — regardless of who issues the command. Application code, admin consoles, and direct database clients are all subject to the same enforcement.
New logs can always be written, and existing logs can always be read. The immutability is enforced at the operation level, not via access controls that can be bypassed.
GDPR Compatibility
When a user exercises the right to erasure, the system records a redaction specifying which fields should be suppressed. Personal data fields are replaced with redaction markers in the display layer. The audit record of the governance event is preserved for legal defensibility — only the personal data is suppressed.
user_email: [REDACTED — GDPR]
governance_event: PRESERVED
chain_hash: INTACT
Data Isolation
Select the isolation tier appropriate to your compliance requirements — from database-enforced row-level security to complete physical separation.
Level 1
Default
Row-Level Security
All organizations share a single database schema, but native Row-Level Security policies ensure each organization can only see its own rows. The database query planner rewrites every query automatically — even application bugs cannot expose cross-organization data.
Level 2
Enhanced
Schema-Per-Tenant
Dedicated database schema per organization with physically separate tables. Provides performance isolation, individual backup and restore capability, and can be configured per organization alongside Level 1.
Level 3
Maximum
Database-Per-Tenant
Complete physical separation with a dedicated database instance per organization, potentially on a dedicated server. Supports per-tenant connection pooling for maximum isolation.
Data Residency Enforcement
Each organization's required data region and compliance requirements are recorded and enforced. GDPR-flagged organizations are validated against regional routing rules. Built-in compliance views provide auditor-facing reports on data residency status.
Identity & Access
Dual Authentication Model
API Key Authentication
For programmatic and machine access. Keys are scoped to an organization with granular permission sets, validated via hash lookup, and support instant revocation with full audit trail.
User Session Authentication
For dashboard and UI access. Supports email/password, OAuth 2.0, and SAML 2.0 authentication with configurable session expiration and MFA verification state.
Single Sign-On
OAuth 2.0
Google, Microsoft, Okta, and Auth0 with automatic user provisioning and configurable default role assignment.
SAML 2.0
Any standards-compliant Identity Provider including Okta, Azure AD, PingFederate, and ADFS. Supports assertion validation, group-to-role mapping, Single Logout, and automatic user provisioning.
Multi-Factor Authentication
TOTP-based MFA compatible with Google Authenticator, Authy, 1Password, and any RFC 6238-compliant app. Enforcement is configurable: platform-wide, admin-only, or per user. Backup codes are provided at enrollment, individually hashed, and single-use. Sensitive operations can require MFA re-verification.
Role-Based Access Control
Granular permissions enforced on every protected endpoint. Built-in system roles for administrators, developers, viewers, and auditors — each carrying the minimum required permission set. Organizations can define custom roles with arbitrary permission combinations. All role assignment events are recorded in the audit log.
Application Security
SQL Injection Prevention
100% of database queries across all supported adapters use parameterized queries with positional or named parameters. No string concatenation of user input into SQL — validated in the test suite.
Rate Limiting
Distributed rate limiting with support for both centralized (Redis-backed) and single-instance deployments. Applied at the controller level to prevent abuse and resource exhaustion.
Circuit Breakers
Outbound calls to downstream services are protected by circuit breakers. If a service degrades, the circuit opens automatically, preventing cascading failures and providing fast-fail responses.
Input Validation
All API request bodies are validated against strict schemas before reaching controllers. Invalid requests are rejected with structured error responses — no unvalidated input reaches business logic.
Error Handling
A global exception handler catches unhandled exceptions and returns normalized error responses. Sensitive information — stack traces, database details, internal paths — is never exposed in production.
Soft Deletes
Critical records use soft deletes to preserve audit trail integrity and foreign key relationships in log tables. This enables recovery from accidental deletions without touching immutable audit records.
Infrastructure
Containerization
All services ship with production-ready container images designed for non-root execution. Docker Compose and Kubernetes manifests support secure environment variable injection.
Resource Limits
Database connection pools with configurable limits, idle timeout, and automatic cleanup prevent connection exhaustion and ensure predictable resource consumption.
Network Architecture
Internal AI services are accessible only from the Control Plane — never exposed to external networks. Only the Control Plane's HTTP endpoint is exposed, typically behind a reverse proxy handling TLS termination.
Disaster Recovery
Scenario
RTO
RPO
Single instance failure
0 min
0
Multi-instance failure
5 min
0
Database corruption
30 min
5 min
Region failure
2 hours
5 min
Complete disaster
4 hours
24 hours
Daily full backups with hourly point-in-time recovery
7-year retention with tiered storage (hot → cold → archive)
Offline air-gapped backups for ransomware protection
Automated daily backup verification and quarterly DR simulations
Observability
All logging routes through a pluggable backend selected at deployment time. Structured JSON with consistent fields — log level, timestamp, service, request ID, and organization context — ensures clean ingestion into any SIEM or monitoring pipeline.
stdout / stderr
Docker & Kubernetes log collection
Splunk HEC
Enterprise SIEM & SOC 2 compliance
Datadog
Cloud monitoring & APM
AWS CloudWatch
AWS-native deployments
Per-Request Governance Log
Every governance API call produces a log record with 40+ fields including identifiers, outcome, corrections, AI reasoning transparency, performance metrics, token usage, request metadata, and cryptographic chain fields. Designed for 7-year retention.
Schedule a security-focused walkthrough of the Trinitite platform. We'll show you the cryptographic audit trail, the immutable logs, and the defense-in-depth controls designed for your compliance requirements.
Trinitite
The Guardian AI platform. Every decision — reviewed, corrected, protected.
Solutions
AGRC Framework
Research
Blog
© 2026 Fiscus Flows, Inc. · All rights reserved
The Guardian Standard™