This page describes, at the mechanism level, the data-plane controls a federal security reviewer asks about. For the signing primitive and the compliance roadmap, see the Trust Center.
Workspace-scoped tables are designed around row-level security keyed to your workspace. User-facing workspace routes should resolve through tenant-scoped access paths, and folder classification is fail-closed: content defaults to a restricted enclave until a folder is explicitly marked shared. Scoped search normalizes the folder path before any query runs.
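The scoping behaviour described above, as an added example that is not LexCivis code: the workspace filter stands in for the row-level security policy, folder classification defaults to the restricted enclave unless a folder is explicitly marked shared, and the folder path is normalized before both the classification lookup and the prefix match, so a path such as `shared/../legal` is evaluated as `/legal` rather than as something under `/shared`. Row storage, the set of shared folders, and the `enclave_access` flag are assumptions made for the example.

```python
import posixpath

RESTRICTED = "restricted"
SHARED = "shared"


def normalize_folder(path: str) -> str:
    """Canonical form: one leading slash, no '.', '..', repeated or trailing slashes."""
    # Collapse leading slashes before normpath: posixpath keeps a leading '//' as-is.
    return posixpath.normpath("/" + path.strip().lstrip("/"))


def classify(folder: str, shared_folders) -> str:
    """Fail closed: restricted unless the normalized folder is explicitly marked shared."""
    shared = {normalize_folder(f) for f in shared_folders}
    return SHARED if normalize_folder(folder) in shared else RESTRICTED


def scoped_search(rows, workspace_id, folder, shared_folders, enclave_access=False):
    """rows: constructed (workspace_id, path, text) tuples; paths are stored normalized.

    The workspace filter plays the role of row-level security. The requested folder
    is normalized once, and that canonical value drives both the classification
    check and the prefix match, so the two can never disagree about which folder
    the caller is actually asking for.
    """
    folder = normalize_folder(folder)
    if classify(folder, shared_folders) == RESTRICTED and not enclave_access:
        raise PermissionError(f"{folder} is in the restricted enclave")
    prefix = "/" if folder == "/" else folder + "/"
    return [text for ws, path, text in rows
            if ws == workspace_id and path.startswith(prefix)]
```

Normalizing before the permission decision is the important ordering: a check that compared the raw string against a `/shared` prefix would accept `/shared/../legal`, while the normalized path is denied.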
Chunk text, metadata, and AI prompt and response bodies are encrypted with a per-workspace data key, wrapped by a key-encryption key. Writes are forced through the encrypt RPC suite — database CHECK constraints reject any attempt to store plaintext for new rows.
Ingested chunks are fingerprinted with a keyed HMAC at write time. The hashing key is a provisioned secret, and the A.4 ingestion path fails closed if it is missing or too short.
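The write path described in the two paragraphs above, as an added example that is not LexCivis code: a keyed-HMAC fingerprint whose key must be present and long enough before any chunk is ingested, a per-workspace data key wrapped under a key-encryption key, and a database CHECK constraint that refuses any body not in the encrypted envelope format. The secret name `CHUNK_FINGERPRINT_KEY`, the 32-byte minimum, the `enc:v1:` marker, and the SQLite schema are all assumptions; the stand-in cipher (HMAC-SHA256 keystream with encrypt-then-MAC) is there only so the block runs with the standard library, and a real deployment would use AES-GCM from a vetted library.

```python
import base64, hashlib, hmac, os, sqlite3

MIN_FINGERPRINT_KEY_BYTES = 32  # assumed "too short" threshold; the page gives no number
ENVELOPE_PREFIX = "enc:v1:"     # constructed marker the CHECK constraint looks for


def load_fingerprint_key(env: dict) -> bytes:
    """Fail closed: a missing or short key aborts ingestion instead of hashing weakly."""
    raw = env.get("CHUNK_FINGERPRINT_KEY")  # hypothetical secret name
    if not raw:
        raise RuntimeError("fingerprint key missing; refusing to ingest")
    key = bytes.fromhex(raw)
    if len(key) < MIN_FINGERPRINT_KEY_BYTES:
        raise RuntimeError("fingerprint key too short; refusing to ingest")
    return key

def fingerprint(key: bytes, text: str) -> str:
    """Keyed HMAC fingerprint of chunk text, computed at write time."""
    return hmac.new(key, text.encode("utf-8"), hashlib.sha256).hexdigest()

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream_xor(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode), constructed for this
    # example only; production code should use AES-GCM from a vetted library.
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> str:
    """Encrypt-then-MAC envelope: prefix || base64(nonce || ciphertext || tag)."""
    nonce = os.urandom(16)
    ct = _keystream_xor(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return ENVELOPE_PREFIX + base64.b64encode(nonce + ct + tag).decode("ascii")

def unseal(key: bytes, blob: str) -> bytes:
    if not blob.startswith(ENVELOPE_PREFIX):
        raise ValueError("not an encrypted envelope")
    raw = base64.b64decode(blob[len(ENVELOPE_PREFIX):])
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("envelope authentication failed")
    return _keystream_xor(_subkey(key, b"enc"), nonce, ct)

def open_store() -> sqlite3.Connection:
    """Constructed schema: the CHECK constraint rejects any body that is not an envelope."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(f"""
        CREATE TABLE workspace_keys (workspace_id TEXT PRIMARY KEY, wrapped_dek TEXT NOT NULL);
        CREATE TABLE chunks (
            id INTEGER PRIMARY KEY,
            workspace_id TEXT NOT NULL,
            fingerprint TEXT NOT NULL,
            body TEXT NOT NULL
                CHECK (substr(body, 1, {len(ENVELOPE_PREFIX)}) = '{ENVELOPE_PREFIX}')
        );
    """)
    return conn

def provision_workspace(conn, kek: bytes, workspace_id: str) -> None:
    """Generate a per-workspace data key and store it wrapped under the KEK."""
    dek = os.urandom(32)
    conn.execute("INSERT INTO workspace_keys VALUES (?, ?)", (workspace_id, seal(kek, dek)))

def _dek(conn, kek: bytes, workspace_id: str) -> bytes:
    row = conn.execute("SELECT wrapped_dek FROM workspace_keys WHERE workspace_id = ?",
                       (workspace_id,)).fetchone()
    return unseal(kek, row[0])

def ingest_chunk(conn, kek: bytes, fp_key: bytes, workspace_id: str, text: str) -> int:
    """The sanctioned write path: fingerprint, then encrypt with the workspace DEK."""
    body = seal(_dek(conn, kek, workspace_id), text.encode("utf-8"))
    cur = conn.execute("INSERT INTO chunks (workspace_id, fingerprint, body) VALUES (?, ?, ?)",
                       (workspace_id, fingerprint(fp_key, text), body))
    return cur.lastrowid

def read_chunk(conn, kek: bytes, workspace_id: str, chunk_id: int) -> str:
    row = conn.execute("SELECT body FROM chunks WHERE id = ? AND workspace_id = ?",
                       (chunk_id, workspace_id)).fetchone()
    return unseal(_dek(conn, kek, workspace_id), row[0]).decode("utf-8")

def plaintext_write_rejected(conn, workspace_id: str) -> bool:
    """A write that bypasses seal() trips the CHECK constraint and never lands."""
    try:
        conn.execute("INSERT INTO chunks (workspace_id, fingerprint, body) VALUES (?, ?, ?)",
                     (workspace_id, "deadbeef", "plain text"))
    except sqlite3.IntegrityError:
        return True
    return False
```

The constraint is what makes the encrypt path mandatory rather than conventional: application code that forgets to call `seal()` fails at insert time instead of silently persisting plaintext, and the wrapped data key never leaves the database in clear form.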
Each workspace holds its own SAM.gov key and its own model-provider credentials — no shared pool. A per-firm spend meter checks budget before every model call and records actual cost after, with a hard monthly cap that drops calls rather than overrun.
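The spend meter described above, as an added example that is not LexCivis code: budget is checked before every model call, actual cost is recorded after, and a hard monthly cap drops calls rather than overrunning. Amounts are integer cents, the month is passed in as a `YYYY-MM` string, and the reservation-then-settle shape is an assumption that also keeps concurrent in-flight calls from jointly slipping under the cap.

```python
from dataclasses import dataclass, field


class BudgetExceeded(Exception):
    """Raised before a model call when the hard monthly cap would be exceeded."""


@dataclass
class SpendMeter:
    # firm_id -> hard monthly cap in cents (integers avoid float drift in a ledger)
    monthly_cap_cents: dict
    # (firm_id, "YYYY-MM") -> {"spent": settled cents, "reserved": in-flight estimates}
    ledger: dict = field(default_factory=dict)

    def _bucket(self, firm_id, month):
        return self.ledger.setdefault((firm_id, month), {"spent": 0, "reserved": 0})

    def reserve(self, firm_id, month, estimate_cents):
        """Pre-call check. In-flight reservations count, so two concurrent calls
        cannot each pass the check alone and together overrun the cap."""
        b = self._bucket(firm_id, month)
        if b["spent"] + b["reserved"] + estimate_cents > self.monthly_cap_cents[firm_id]:
            raise BudgetExceeded(f"{firm_id}: hard cap reached for {month}")
        b["reserved"] += estimate_cents

    def settle(self, firm_id, month, estimate_cents, actual_cents):
        """Post-call record: release the reservation, book what was actually charged."""
        b = self._bucket(firm_id, month)
        b["reserved"] -= estimate_cents
        b["spent"] += actual_cents

    def remaining(self, firm_id, month):
        b = self._bucket(firm_id, month)
        return self.monthly_cap_cents[firm_id] - b["spent"] - b["reserved"]


def metered_call(meter, firm_id, month, estimate_cents, model_fn):
    """Wrap a provider call: check first, call, then record actual cost.

    model_fn is a stand-in for the provider client and returns (response, actual_cents).
    A call that raises is booked at zero here; a real meter would reconcile that
    against provider billing later.
    """
    meter.reserve(firm_id, month, estimate_cents)
    actual = 0
    try:
        response, actual = model_fn()
        return response
    finally:
        meter.settle(firm_id, month, estimate_cents, actual)
```

A dropped call books nothing, so `remaining()` is unchanged after a `BudgetExceeded`, and a new month starts a fresh bucket without any reset job.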
Termination is never an immediate delete. It flips a pending flag and freezes writes across your workspace tables — read access stays so you can export. The purge is designed to run only after a 7-day cooling-off window, through a cron route gated by a bearer secret.
When the cooling-off ends, the privileged termination path cascades the workspace delete and stamps a permanent tombstone. Chunk text, embeddings, and AI interaction bodies are removed through that flow. NIST 800-171 media-sanitization crypto-shred is on the roadmap, not yet claimed.
Retention is deliberately asymmetric. Evaluation-audit metadata, signal flags, and file hashes survive permanently for DCAA-style audit needs. The underlying chunk text, embeddings, and AI interaction bodies purge completely. You can prove what happened without retaining what was processed.
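The termination and retention flow in the three paragraphs above, as an added example that is not LexCivis code: termination flips a pending flag and freezes writes while reads continue, a cron route gated by a bearer secret purges only workspaces whose 7-day cooling-off window has elapsed, the purge removes chunk bodies and stamps a permanent tombstone, and the evaluation-audit rows (file hash and signal flags) survive it. Times are Unix epoch seconds passed in by the caller; the SQLite schema, table names and the constant-time bearer comparison are assumptions.

```python
import hmac
import sqlite3

COOLING_OFF_SECONDS = 7 * 86400  # the page's 7-day window; all times are epoch seconds


class WorkspaceFrozen(Exception):
    """Writes are refused once termination is pending or the workspace is tombstoned."""


def open_termination_store() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE workspaces (
            id TEXT PRIMARY KEY,
            termination_requested_at INTEGER,   -- the pending flag
            tombstoned_at INTEGER               -- permanent marker set by the purge
        );
        CREATE TABLE chunks (id INTEGER PRIMARY KEY, workspace_id TEXT NOT NULL, body TEXT NOT NULL);
        -- audit metadata survives the purge: hash and flags, never the content
        CREATE TABLE evaluation_audit (
            id INTEGER PRIMARY KEY, workspace_id TEXT NOT NULL,
            file_hash TEXT NOT NULL, signal_flags TEXT NOT NULL
        );
    """)
    return conn


def create_workspace(conn, workspace_id):
    conn.execute("INSERT INTO workspaces (id) VALUES (?)", (workspace_id,))


def _flags(conn, workspace_id):
    return conn.execute(
        "SELECT termination_requested_at, tombstoned_at FROM workspaces WHERE id = ?",
        (workspace_id,)).fetchone()


def write_chunk(conn, workspace_id, body, file_hash, signal_flags):
    requested, tombstoned = _flags(conn, workspace_id)
    if requested is not None or tombstoned is not None:
        raise WorkspaceFrozen(workspace_id)
    conn.execute("INSERT INTO chunks (workspace_id, body) VALUES (?, ?)", (workspace_id, body))
    conn.execute("INSERT INTO evaluation_audit (workspace_id, file_hash, signal_flags) "
                 "VALUES (?, ?, ?)", (workspace_id, file_hash, signal_flags))


def read_chunks(conn, workspace_id):
    """Reads keep working during the cooling-off window so the customer can export."""
    return [r[0] for r in conn.execute(
        "SELECT body FROM chunks WHERE workspace_id = ? ORDER BY id", (workspace_id,))]


def audit_rows(conn, workspace_id):
    return conn.execute("SELECT COUNT(*) FROM evaluation_audit WHERE workspace_id = ?",
                        (workspace_id,)).fetchone()[0]


def request_termination(conn, workspace_id, now):
    """Flip the pending flag; nothing is deleted here."""
    conn.execute("UPDATE workspaces SET termination_requested_at = ? "
                 "WHERE id = ? AND termination_requested_at IS NULL", (now, workspace_id))


def purge_due_workspaces(conn, presented_bearer, cron_secret, now):
    """Cron route handler: gated by the bearer secret, purges only past the window."""
    if not hmac.compare_digest(presented_bearer.encode(), cron_secret.encode()):
        raise PermissionError("cron route: bad bearer")
    due = [r[0] for r in conn.execute(
        "SELECT id FROM workspaces WHERE tombstoned_at IS NULL "
        "AND termination_requested_at IS NOT NULL AND termination_requested_at <= ?",
        (now - COOLING_OFF_SECONDS,))]
    for ws in due:
        conn.execute("DELETE FROM chunks WHERE workspace_id = ?", (ws,))
        conn.execute("UPDATE workspaces SET tombstoned_at = ? WHERE id = ?", (now, ws))
    conn.commit()
    return due


def tombstoned_at(conn, workspace_id):
    return _flags(conn, workspace_id)[1]
```

Two properties are worth checking in any implementation of this shape: a purge run before the window closes must return nothing and leave reads intact, and a second run after the tombstone is stamped must be a no-op rather than a second cascade.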
No SOC 2 report. No FedRAMP authorization. No IL2-IL5 accreditation. No CMMC Level 2 assessment. No third-party penetration-test results to publish. Commercial cloud v1 — FedRAMP is not required for the SDVOSB set-aside tier we serve under FAR 13 / 19; GovCloud and IL5 land at Series A close. We will not display a badge we have not earned.
This page describes the data-plane controls as built. Any change to isolation, encryption, key handling, the termination flow, or audit retention lands here and on the Trust Center first. For a security questionnaire or architecture detail under NDA, email kyle@lexcivis.ai.
Email kyle@lexcivis.ai for a security questionnaire or an architecture walkthrough under NDA. Replies typically within 24 hours.