Security & Compliance · Architecture page

Private by design. Trusted by default.

Security isn't a feature we added. It's the architecture we started with.

The same platform runs in commercial enterprise, regulated industries, and government. Compliance is a property of the platform — not a project to bolt on later.

Your data stays in your environment. AI runs inside your boundary. Asset IDs never reach the LLM. Every action logged. Every access traced. SOC 2 Type II, HIPAA, and GDPR certified — aligned with NIST CSF 2.0, NIST AI RMF, FedRAMP, and ISO 42001.

xAQUA Trust Posture
Independently audited · continuously monitored

  • SOC 2 Type II: CERTIFIED
  • HIPAA: CERTIFIED
  • GDPR: CERTIFIED
  • FedRAMP: READY
  • NIST 800-53: ALIGNED
  • StateRAMP: IN PROGRESS

Plus alignment with NIST CSF 2.0, NIST AI RMF, ISO 42001, CCPA.

  • Zero Data Stored
  • Private VPC Deployed
  • 100% Tenant Isolated
  • Every Action Audited
  • 23 Routes Deterministic

Six Trust Pillars

Trust isn't a checkbox.
It's the way we built it.

Six properties of the platform that make xAQUA safe to deploy in your environment — from a 50-person startup to a $300B public agency.

Your data stays yours
xAQUA stores nothing of its own. Your data lives where it always has — in your warehouse, your VPC, your environment. We sit on top, never in the middle.

Private AI only
AI runs inside your environment. No public AI services. No third-party APIs leaking your prompts. Self-hosted models on your GPUs — safe for the most regulated workloads.

Deploy anywhere
Multi-tenant SaaS for SMB. Private VPC for enterprise. GovCloud-class with air-gapped option for federal, state, and local agencies. You choose where it lives.

Respects your access model
Cezu and every agent honor the permissions you already have. SSO, SAML, OIDC, SCIM, advanced RBAC. Users see only what they're entitled to see — no second access model to manage.

Full audit trail
Every question asked, every workflow run, every data access — logged, traceable, exportable to your SIEM. SOC 2 Type II aligned. Audit-ready by design.

Certified & compliant
SOC 2 Type II. HIPAA. GDPR. CCPA. Aligned with NIST CSF 2.0, NIST AI RMF, ISO 42001. FedRAMP-Ready. NIST 800-53 mapped. StateRAMP in progress.

The Architectural Invariants

Five rules.
Ordered by blast radius.

These are the design rules engineering enforces in code. They aren't policies you can override in production. When a proposed change would violate an invariant, the answer is no.

1. Cezu is commerce-unaware
Entitlement, subscription state, trial status, pricing logic — none of it lives in the routing layer. Adding commerce would couple a high-iteration subsystem to a high-stability one. Routing has zero commerce dependency.
NEVER in router · Billing service / module boundary

2. ToolContext is intentionally minimal
The context passed from Cezu to any module is exactly three fields: asset_id, asset_type, query. Nothing else. Context bloat is how routing layers turn into application layers.
NEVER add fields · Modules look up their own context

3. Asset IDs never reach the LLM
Asset IDs are tenant-scoped identifiers. Leaking them to the model creates a data exposure vector and enables prompt injection attacks. The LLM Gateway strips any field matching the asset-id shape from outbound prompts. Models receive resolved names, types, and semantic descriptions only.
NEVER in prompt · Resolved at routing time

4. The router never assembles schema or connections
Schema lookup, credential resolution, and connection-string assembly happen at the module boundary or in dedicated services — never in routing. Cezu is one of many entry points; if schema assembly lived in the router, every other entry point would reimplement it or depend on Cezu.
NEVER in router · Module / dedicated service only

5. Asset resolution is shared across routing and decomposition
The asset resolution engine used by the router is the same engine used by Chat with Data sub-query decomposition. One implementation. One source of truth. A second implementation will drift — and drift causes queries that route correctly to fail downstream for reasons no one can debug.
One engine, two callers · NEVER fork

The LLM Gateway

Every model call,
enveloped and sanitized.

All AI traffic in xAQUA flows through a single LLM Gateway. The Gateway sanitizes outbound prompts, attaches usecase telemetry, applies guardrail policy, and attributes cost — for every call, every time.

One choke point. Every guardrail.

The Gateway is the only path from xAQUA to any LLM — self-hosted or otherwise. You can audit, redact, throttle, or block at one place instead of policing every module.

  • Sanitize. Asset IDs, connection strings, and tenant-scoped tokens stripped from outbound prompts.
  • Envelope. Every call carries customer_id, user_id, LLM_USECASE_CONTEXT, and LLM_USECASE_SUBCONTEXT — driving telemetry, cost attribution, and guardrail policy.
  • Attribute. Cost per tenant, per agent, per route — measured at the call site, not estimated.
  • Throttle. Rate limits enforced at the Gateway, not per module — one place to defend the model budget.
  • Audit. Every prompt, every response, every refusal logged with envelope metadata. Exportable to your SIEM.

Inbound · Module → Gateway
prompt: "Show revenue for asset_id: a8f2… last quarter"
customer_id: "acme-co"
user_id: "u-12345"
LLM_USECASE_CONTEXT: "intent_classification"
LLM_USECASE_SUBCONTEXT: "analyst_route"

↓ Gateway sanitizes & resolves
→ TO MODEL

Outbound · Sanitized prompt
prompt: "Show revenue for North America Sales last quarter"
Asset ID resolved to semantic name. Tenant tokens stripped. Envelope metadata stays out of prompt.
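
The sanitize-and-resolve step described above, as an added sketch in Python; it is not xAQUA's code. The asset-id shape ("ast_" plus 8 hex digits), the "tnt_" token shape, the catalog contents, and the names Envelope and sanitize are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, asdict

# Assumed shapes (the page does not give them): asset ids look like
# "ast_" + 8 hex digits, tenant tokens like "tnt_" + 16 or more word chars.
ASSET_ID = re.compile(r"(?:\basset_id:\s*)?\b(ast_[0-9a-f]{8})\b")
SECRET = re.compile(r"\b\w+://\S+|\btnt_\w{16,}\b")

# Constructed catalog: tenant -> asset id -> semantic name.
CATALOG = {
    "acme-co": {"ast_00000001": "North America Sales"},
    "other-co": {"ast_00000002": "EMEA Pipeline"},
}

@dataclass(frozen=True)
class Envelope:
    customer_id: str
    user_id: str
    LLM_USECASE_CONTEXT: str
    LLM_USECASE_SUBCONTEXT: str

def sanitize(env: Envelope, prompt: str):
    """Return (outbound_prompt, audit_record); only the prompt goes to the model."""
    names = CATALOG.get(env.customer_id, {})
    unresolved = []

    def resolve(m):
        asset_id = m.group(1)
        if asset_id in names:          # lookup is scoped to the caller's tenant
            return names[asset_id]
        unresolved.append(asset_id)    # unknown or another tenant's id: drop it
        return "[unresolved asset]"

    out, n_ids = ASSET_ID.subn(resolve, prompt)
    out, n_secrets = SECRET.subn("[redacted]", out)
    if ASSET_ID.search(out):           # fail closed if anything id-shaped survives
        raise ValueError("asset id in outbound prompt")
    # Envelope metadata goes to the audit record, never into the prompt.
    audit = {**asdict(env), "asset_ids_seen": n_ids,
             "unresolved": unresolved, "secrets_stripped": n_secrets}
    return out, audit
```

An id that belongs to another tenant is treated the same as an unknown id, so a caller cannot use the resolver to learn another tenant's asset names.
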
Where Data Lives

A clear answer
to "where is my data?"

In xAQUA, the answer is the same one you started with. We don't move it. We don't copy it. We don't store it. The platform sits on top of where your data already lives.

Source of record
Snowflake, Databricks, Postgres, S3, MotherDuck, Salesforce, ServiceNow, and 100+ other systems.
YOUR DATA WAREHOUSE · YOUR LAKE · YOUR SaaS APPS

— Customer trust boundary —

Semantic Layer
Definitions, lineage, metric DAG, business glossary. Metadata only — no row-level data.
YOUR xAQUA TENANT · INSIDE YOUR VPC

Cezu Router
23-route intent classifier. Resolves asset references. Dispatches to modules. Sees only resolved names — never your data.
YOUR xAQUA TENANT · INSIDE YOUR VPC

LLM Gateway
Sanitizes outbound prompts. Strips asset IDs and tenant tokens. Sends only resolved semantic descriptions to the model.
YOUR xAQUA TENANT · INSIDE YOUR VPC

LLM Inference
Self-hosted Llama 3.3 70B, GPT-OSS 120B, or your private model of choice. Runs inside your boundary. No third-party APIs.
YOUR GPUs · YOUR xAQUA TENANT · INSIDE YOUR VPC

Audit Log
Every prompt, every response, every action — captured, immutable, exportable to your SIEM (Splunk, Datadog, Sentinel).
YOUR xAQUA TENANT · STREAMED TO YOUR SIEM

The Framework Matrix

What we hold.
What we're aligned to.

The exact list — independently audited certifications, formal alignments, and active in-progress assessments. No vague claims. Evidence available under NDA in the Trust Center.

| Framework | Status | Scope | Evidence |
|---|---|---|---|
| SOC 2 Type II (AICPA Trust Services Criteria) | Certified | Security, Availability, Confidentiality. Annual audit by independent CPA. | |
| HIPAA (Health Insurance Portability and Accountability Act) | Certified | Privacy & Security Rules. BAA available for healthcare deployments. | |
| GDPR (EU General Data Protection Regulation) | Certified | Controller & processor obligations. DPA available. EU data residency on request. | |
| CCPA / CPRA (California Consumer Privacy Act) | Certified | Consumer rights: access, deletion, opt-out. Service-provider terms. | |
| FedRAMP (Federal Risk and Authorization Management Program) | Ready | Moderate baseline. 3PAO assessment in progress. GovCloud deployment available today. | Marketplace pending |
| NIST 800-53 (Security and Privacy Controls) | Aligned | Rev. 5 control mappings. Used as baseline for FedRAMP Moderate. | |
| NIST CSF 2.0 (Cybersecurity Framework) | Aligned | Govern, Identify, Protect, Detect, Respond, Recover — full function coverage. | CSF self-attestation |
| NIST AI RMF (AI Risk Management Framework) | Aligned | Govern, Map, Measure, Manage. AI lifecycle controls for the six agents and Cezu. | AI RMF profile |
| ISO/IEC 42001 (AI Management Systems) | Aligned | AI management system aligned. Formal certification roadmap underway. | 2026 target |
| StateRAMP (State Risk and Authorization Management) | In Progress | State and local government baseline. Authorization in active assessment. | 2026 target |

Industry-Specific Alignment

Built for regulated work.

Not just compliant in theory. Deployed in the industries where compliance is the deal — and the failure mode is on the front page.

Healthcare & Life Sciences
HIPAA · HITRUST · 21 CFR Part 11
PHI handling, BAA, audit trails for clinical and research workloads. Identity resolution for patient records.

Government & Public Sector
FedRAMP · StateRAMP · NIST 800-53
GovCloud deployment. Air-gapped option. CJIS-aware patterns for law enforcement workloads.

Financial Services
SOX · GLBA · PCI DSS
Risk analytics, compliance reporting, customer 360. Lineage for regulated reporting and AML/KYC workloads.

Insurance & Pension
SOC 2 · NAIC · ERISA-aware
Member services, actuarial analytics, benefits administration. Proven at $300B+ pension scale.

Manufacturing & Energy
ISO 27001-aware · NIST CSF
OT/IT data unification. Predictive maintenance pipelines. Air-gapped option for critical infrastructure.

Retail & CPG
PCI DSS · CCPA · GDPR
Customer 360 across loyalty, POS, e-commerce. PII masking for marketing analytics.

Legal & Professional Services
ABA Model Rules · SOC 2
Matter analytics, document discovery, conflict-of-interest checks. Privilege-aware access controls.

Education & Research
FERPA · GDPR
Student records, research data, institutional reporting. Cross-system identity for higher-ed analytics.

Bring your CISO.
We've already done the homework.

Audit reports under NDA. Architecture deep-dives on request. Penetration test results, SBOM, and DPA available before contract.