Security Architecturev1.0

Security Isn't a Feature.
It's the Foundation.

Sorvian operates on a zero-trust policy toward public AI models. Every principle, pipeline stage, and deployment tier is designed so your raw data, PII, and proprietary IP never leave your control — no exceptions, no edge cases, no "acceptable risk."

Read the Principles
0
Raw documents sent to public models
100%
Of PII stripped before boundary crossing
6
Non-negotiable security principles
Core Principles

Six Non-Negotiables
That Govern Everything.

Every part of the Sorvian platform — from the ingestion pipeline to query routing — is enforced against these principles. They are not configurable toggles.

01

Zero Raw Data Transmission

No original documents, PII, or proprietary IP is ever sent to public AI models.

  • Original content never crosses the trust boundary — under any configuration
  • Every outbound call is inspected and recorded
  • A guarantee of the platform, not an optional policy setting
02

Local-First Processing

Parsing, anonymization, and classification happen before anything crosses your boundary.

  • All sensitive handling completes before any egress
  • Applies to both Sorvian Cloud and On-Premise deployments equally
  • No raw content reaches a frontier model in any mode
03

Derived Content Only

External models receive sanitized summaries, anonymized queries, and stripped context.

  • Frontier models receive a role-scoped, sanitized view — never the source
  • Raw source material is never substituted by its derivatives
  • Context is assembled against the boundary, not shipped across it
04

No Third-Party Storage

Sorvian never retains your raw data. Derived artifacts stay under your control.

  • Raw documents are not persisted in Sorvian infrastructure
  • Originals are accessed in place from your source systems
  • You control retention, deletion, and audit at the source
05

Automatic PII Stripping

Personal and sensitive information is identified and removed before egress.

  • Personal, financial, and identity signals are caught on every query
  • Sensitive fields are removed or masked before anything leaves
  • Every decision is logged for audit and replay
06

IP Anonymization

Trade secrets and proprietary logic are transformed before any external query.

  • Proprietary identifiers, codenames, and trade secrets are masked
  • Anonymization is applied in context — not as a blanket pattern match
  • Frontier models never see original references to protected IP
The Trust Boundary

What Stays In.
What Goes Out.

The Sorvian boundary is enforced, not advisory. Everything on the left is processed locally. Everything on the right is what frontier models ever see.

Inside Your Walls

Stays In

Processed, classified, and stored locally within your infrastructure. Never transmitted to an external model.

  • Raw documents, files, and attachments
  • Personally identifiable information (PII)
  • Proprietary IP, schematics, and source code
  • Customer records and financial details
  • Internal codenames and identifiers
  • Sensitivity-tagged source artifacts

Reaches Public Models

Goes Out

Derived, anonymized, and stripped of sensitive context — the minimum payload needed for frontier reasoning.

  • Sanitized summaries of derived content
  • Anonymized queries with stripped context
  • Embeddings and vectorized representations
  • Pattern-based entity references (no raw values)
  • Task-scoped reasoning prompts
  • Result-shape hints and schema descriptors

Never Transmitted

Raw filesPIIProprietary IPCustomer records
Access Control & Identity

One Knowledge Base.
Scoped to Every User.

Sorvian plugs into the identity provider your organization already runs and enforces access at every layer — from authentication, to document-level permissions, to the redaction of individual fields in a query result.

Sign In With

Microsoft
Microsoft
Google
Google
O
Okta
AD
Azure AD

Single Sign-On

Onboard the whole org in minutes. Sorvian supports Microsoft, Google, and Okta out of the box — no separate credentials to manage.

MS · Google · Okta

Role-Based Access Control

Roles and groups sync from your existing identity provider (Azure AD, Google Workspace, Okta) or can be managed natively inside Sorvian.

Azure AD · Native

Query-Time Result Scoping

Access control doesn't stop at the document. Every query result is re-scoped to the requesting user — sensitive fields are redacted in-flight.

Enforced per request

See It In Action

Same Question. Different Answers.

Query-time scoping means a standard employee and an HR executive can ask the exact same thing — and Sorvian returns the right answer for each.

The Query

“What's the compensation range for a Senior Engineer?”

As

Standard Employee

Answer is returned, but compensation details are ████████ redacted.

Sees general role context (title, level, requirements)

Does not see salary bands, equity, or bonus structure

Does not see individual employee records

As

HR Executive

Full answer returned with complete compensation data

Sees full salary bands, equity grants, bonus structure

Access to individual records within scope

Every access is logged and auditable

Enforcement happens inside the Sorvian pipeline — before any derived content is sent to a frontier model.

Deployment Security

Two Deployment Paths.
One Security Standard.

Run Sorvian fully managed on our AWS-secured cloud, or keep everything on your own hardware inside your walls. Either way, the trust boundary is enforced and the rules don't bend.

The Zero-Retention Promise

We never store your raw documents.

In both deployment paths, Sorvian only persists derived artifacts — embeddings, summaries, sanitized entities. Originals are accessed in place from your source systems (OneDrive, SharePoint, Google Drive, etc.) and never copied into Sorvian storage.

Recommended

Path 1

Sorvian Cloud

Fully managed and secured by AWS. We host the middleware on hardened, isolated infrastructure — you connect your data sources and start querying. No servers to provision, no hardware to maintain.

Cloud-Specific Guarantee

Only derived artifacts live inside Sorvian Cloud. Your raw documents are read from your source systems, processed in memory, and never written to our storage.

  • Hosted on hardened AWS infrastructure
  • Isolated tenant environment per organization
  • Encryption in transit and at rest
  • Zero hardware, zero DevOps setup required
  • Fastest path from signup to production
  • Automatic updates and patching

Path 2

Local / On-Premise

Deploy Sorvian entirely on your own hardware — workstation, server rack, or full datacenter. Air-gap capable for the strictest sovereign, classified, or regulated environments. Nothing ever leaves your infrastructure.

On-Premise-Specific Guarantee

Sorvian has zero visibility into your deployment. All pipeline stages, models, and data stay within your walls. You control everything — storage, logs, updates, access.

  • Runs entirely on your own hardware
  • VPC or fully air-gapped deployment
  • Large models run internally — no external API calls (Fortress)
  • Updates delivered via secure install wizard
  • Ideal for regulated, sovereign, or classified environments
  • Full infrastructure control from your IT and DevOps teams

Same Sorvian software. Same distillation pipeline. Same six security principles. The only difference is where the boxes run.