Most "AI for business" tools route your client data through a multi-tenant cloud you don't control, with a "trust us" attached. We don't. Each firm gets a private deployment, every action is logged and reversible, and sensitive work waits for partner approval. The default posture is paranoid.
We've thrown out features that violated any of these. They're load-bearing, not aspirational.
The operator runs in a deployment dedicated to your firm. Your client records, chats, and documents stay in that boundary. No multi-tenant brain. No training on your data. No shared embeddings.
Every read, every write, every send is logged with who triggered it, what it touched, and why. Filterable, exportable, addressable by audit. If it shouldn't have happened, you can see it and undo it.
Money out, contracts going live, client sends, anything irreversible — partner approval required, by default. You configure which actions need a human and which just run. Nothing slips.
We deploy a dedicated environment for every firm. Your operator, your memory store, your connector credentials, your audit trail — all live in compute that belongs to your engagement and nobody else's.
What that means in practice: if a vulnerability hits one customer's deployment, it does not reach yours. If a different customer corrupts their memory store, you don't see it. There is no shared brain.
You choose where it sits. Default is our managed infrastructure (US-East or US-West). For firms with compliance constraints — HIPAA-leaning, regulated finance, public-sector — we deploy into your own AWS / GCP / Azure account or your on-prem hardware on the same five-day timeline.
The operator inherits your firm's hierarchy. Front desk doesn't see partner-only matters. Associates can't approve their own engagement letters. The intern can't trigger the "send to all clients" playbook.
Per-channel scope. Each playbook is bound to specific channels and specific roles. A playbook in #partners-only never reads from #general and never writes into #client-x.
Approval chains. Sensitive actions can require N-of-M approval — e.g. partner OR senior associate for engagement letters, two partners for any wire over $25k.
| Action | Front desk | Hygienist | Doctor |
|---|---|---|---|
| Read patient chart | ● | ● | ● |
| Submit insurance claim | ● | — | ● |
| Submit appeal > $1k | approve | — | ● |
| Refund a patient | — | — | approve |
| Run recall campaign | approve | — | ● |
| Edit playbook config | — | — | ● |
| Export audit log | — | — | ● |
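
The N-of-M approval chains described above, including the rule that nobody approves their own request, sketched as an added example (not the vendor's or the runtime's code). User names, role labels and function names are hypothetical; the one-partner rule for wires of $25k or less and the fail-closed default for unconfigured actions are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    needed: int            # N: distinct approvals required
    roles: frozenset       # roles whose approval counts toward N

# Constructed directory; user names and role labels are hypothetical.
ROLES = {"ana": "partner", "bo": "partner", "cy": "senior_associate",
         "di": "associate", "eli": "intern"}

def rule_for(action, amount=0):
    """Return the approval rule for an action, or None if it is not configured."""
    if action == "engagement_letter":
        return Rule(1, frozenset({"partner", "senior_associate"}))
    if action == "wire":
        # Two partners above $25k (from the text); one partner below is an assumption.
        return Rule(2 if amount > 25_000 else 1, frozenset({"partner"}))
    return None

def decide(action, requester, approvals, amount=0):
    """Return 'run', 'pending' or 'deny' for a requested action."""
    rule = rule_for(action, amount)
    if rule is None:
        return "deny"      # fail closed on unconfigured actions (design choice here)
    valid = {
        user for user in approvals          # set: repeat approvals count once
        if user != requester                # nobody approves their own request
        and ROLES.get(user) in rule.roles   # unknown users have no role
    }
    return "run" if len(valid) >= rule.needed else "pending"
```

A senior associate's engagement letter stays `pending` on their own approval and runs once a partner signs; a $30k wire needs two different partners, neither of whom is the requester.
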
Read, write, send, fail, retry, approve, reject. Each entry carries who triggered it, what it touched, why it ran, and the resulting artifacts. Searchable in the dashboard. Exportable as CSV or JSON for your auditor.
Reversible by default. The operator auto-snapshots its working state before every file change. Any individual action can be undone with /rollback. The full-text session index is the searchable layer underneath the dashboard. None of this is bolted on — it's how the runtime works by default.
Compliant retention. Logs retained for the period your industry requires — 7 years for tax practices, 10 for legal, indefinite if you tell us so. Stored in your environment, not ours.
We're a pre-Series-A company. We will not claim certifications we don't hold. Here's where everything actually stands, with target dates we'll keep updated.
HIPAA posture. The architecture is HIPAA-ready: per-firm boundaries, encryption, audit logs, BAA-able sub-processors. BAAs are signed at onboarding for any healthcare engagement — dental, medical, behavioral health. Full HIPAA attestation is on the SOC 2 Type II timeline.
What we'll never claim. We are not "ISO 27001 certified," "FedRAMP authorized," or "SOC 2 Type II" until those audits are complete. If you need any of those today, talk to us — we'll either tell you when we'll have it or that you should pick someone else.
Auditor engaged. Type I report available under NDA.
BAA-able today. Full attestation on SOC 2 timeline.
External pen test every 12 months · NDA required.
GDPR-aligned DPA on request. Three sub-processors.
security@firmcraft · 90-day fix SLA · public bounty soon.
Pursued after SOC 2 Type II clears.
No. Your firm's data — chats, documents, charts, audit logs — is never used for model training. Not by us, not by the model providers we route through. This is enforced contractually with our model providers and architecturally by the per-firm deployment.
By default, US-East-1 (Northern Virginia) for managed deployments. We can deploy to US-West, EU regions, or your own AWS / GCP / Azure account. On-prem deployment is available for firms with that requirement; we'll quote the engagement separately.
You get a full export within 5 business days — every chat, document, audit log entry, and playbook configuration in open formats (CSV, JSON, Markdown, PDF). Your deployment is then destroyed and we hold a 30-day backup for emergency recovery, after which it's also destroyed. We notify you when the final destruction completes.
Three engineers, named in our DPA. Access is logged, scoped to the specific issue, and time-boxed. Routine support and onboarding don't require access to your data — they work from telemetry and your screen-share.
The operator routes across 45+ supported LLM providers, with built-in automatic failover and credential pools that distribute load across keys. If Anthropic has an outage, we route to OpenAI, Bedrock, or Gemini without you noticing. In the case of a security incident at a provider, we have contractual notification obligations and our own 24-hour incident SLA — we'd notify you, isolate any affected workflows, and switch routing.
Yes — BAAs are part of standard onboarding for healthcare deployments (dental, medical, behavioral health). Signed before any patient data flows.
Yes, under NDA. Email security@firmcraft and we'll get it to you within one business day.
The operator runs on Hermes Agent, an MIT-licensed open-source platform maintained by Nous Research. Your skills, memory files, integrations, and audit logs are all stored in standard formats on infrastructure you can take with you. You — or another vendor — can pick them up and run a Hermes deployment elsewhere on day one. We don't own the runtime. We operate it for you. No lock-in, by design.
Architecture diagram, sub-processor list, DPA, BAA template, SOC 2 Type I, pen-test summary, incident-response runbook. One email.