Security & Deployment
Security you can point at, not security in adjective form.
Every control below is implemented in the platform today — with a specific mechanism, not a category label. Choose cloud, on-premise, or hybrid; the security model travels with you.
Last reviewed by the platform team on
Trust topology
Every module inherits the same governance layer.
Tap any layer to see how it helps a buyer evaluate the platform.
Signal
Doors, visitors, cameras, intercoms, parking, and devices generate live operational signals instead of isolated alerts.
01Signal
Doors, visitors, cameras, intercoms, parking, and devices generate live operational signals instead of isolated alerts.
02Context
Each signal becomes useful because operator, person, role, site, zone, policy, and related module records are shown together.
03Action
Teams approve, deny, review, escalate, annotate, or link evidence without leaving the command surface.
04Audit
Every decision keeps the who, what, when, why, and related evidence needed for handoff, reporting, and investigation.
Hosting choice does not change the trust model — the same controls apply in cloud, on-prem, and hybrid deployments.
The controls
Six layers of control — each one with a specific mechanism.
Everything below is live and verifiable in the running platform. For a security or compliance review, the deployment team can walk you through the underlying controls and the audit trail in detail.
Access & sign-in
How people sign in and prove who they are
Stolen sessions are detected and shut down
Sign-in sessions are short-lived and renew automatically. If a session is stolen and reused, the platform detects it and ends the whole session — not just one request.
Two-factor authentication
One-time authenticator codes with backup codes, rolling out organization by organization.
Extra confirmation for sensitive actions
High-impact actions — revoking a credential, disabling a user — ask for a PIN re-confirmation. Being logged in is not enough on its own.
Keeps working offline
Access terminals keep making the right decisions during a network outage and re-sync cleanly when the connection returns.
One consistent password policy
The same password rules apply everywhere an account is created or reset — no weaker side doors.
Data isolation
How each organization's data stays separate
Strict separation between organizations
Each organization's people, devices, and records are fully isolated. One organization can never see or reach another's data.
Organization-scoped sign-in
Login is tied to your organization, so a password leaked elsewhere can't be pointed at your account.
Role-based permissions
Everyone sees and does only what their role allows, checked on every action. Optional modules stay switched off until you enable them.
The AI assistant acts as you, never above you
The assistant works on behalf of the signed-in operator, with exactly their permissions — it never holds its own elevated access.
Audit trail
What gets recorded, and for how long
A complete, tamper-proof record
Every login, change, and access event is recorded. The log can only be added to and read — never edited or deleted — so history can't be quietly altered.
Two years of searchable history
Records are kept for two years and stay searchable, so investigations and compliance reviews have the full timeline.
Always-on recording
Audit logging runs independently of day-to-day operations, so even a busy moment never leaves an event unrecorded.
Data residency & AI
Where your data lives — including with AI
You choose where data lives
Run in the cloud, fully on-premise, or hybrid. The same security model applies in all three.
AI can stay inside your perimeter
For sites with data-residency requirements, the AI assistant runs on a model inside your own deployment — no data leaves your network. The platform will not start cloud AI where residency is required.
No silent failures
If the AI provider is unavailable, the assistant says so clearly instead of stalling the operator's work.
Encryption & protection
How data and devices are protected
Encrypted device credentials
Camera and device passwords are encrypted while stored, and only decrypted when needed to connect.
Controlled access to the platform
Only approved applications and trusted network paths can reach the platform — and an unsafe configuration is blocked before the system will start.
Read-only display screens
Public wall displays use read-only access: they can show assigned dashboards but never change anything, and access can be revoked individually.
Reliable operations
How the platform stays reliable in production
Safe, no-downtime updates
Updates are designed so a deployment never takes the live system offline.
Documented recovery procedures
Every production incident becomes a written recovery runbook, so the response stays fast and repeatable.
Deployment
Three deployment models, same security model.
Cloud
Managed rollout
Faster start, managed platform operations. Default AI is cloud-hosted. Best for greenfield deployments and multi-site portfolios without strict residency rules.
On-premise
Site control
Full stack inside your perimeter — including on-premise AI. No telemetry, no outbound AI calls. Required for government / healthcare / residency-bound sites.
Hybrid
Phased modernization
Control plane in cloud, sensitive workloads on-prem. Per-tenant AI profile lets one portfolio mix cloud and on-premise inference under one operator UI.
Best fit
For sites where trust is part of the buying decision.
If your security review starts with "show me the audit trail, how tenants are isolated, and where AI data goes" — you're in the right place.
Next step
Bring your security review to the deployment team
We will walk through the actual controls — data isolation, the audit trail, and where AI data goes — not just a feature checklist.