Security & Compliance

Built for public-works scrutiny.

City and county documents demand a defensible posture — so it's engineered in, not bolted on. Every claim is cited to source. Every decision is audited. Your data stays yours.

Infrastructure & Data

Isolated, encrypted, audited.

01

Dedicated AWS

All data and AI inference stay inside a dedicated AWS environment — no third-party AI endpoints, no shared compute, isolated from other customers.

02

Encryption

Encryption at rest (AES-256) and in transit (TLS 1.2+). Private, non-public RDS database. No data leaves the environment unencrypted.

03

Access Control

Microsoft Entra ID single sign-on — your tenant's MFA and policies apply. No passwords stored. Least-privilege Microsoft 365 access, scoped to designated mailboxes and sites only.

04

Audit Log

Every approval, rejection, revision, and API call is recorded with timestamp, user, and action. Full traceability for compliance review and incident response.

Compliance & Transparency

How we earn trust.

AI Safety

How Athena is designed to be safe.

01

Never autonomous

Athena never sends emails, approves submittals, or signs contracts. It drafts, recommends, and flags. A human always decides.

02

Grounded in documents

Every answer is cited to the spec section, drawing sheet, or contract clause it came from. No general-knowledge guesses, no hallucinations.

03

Money math in code

Pay-app totals, percentages, and continuity are computed by code, never by the model. Deterministic, verifiable, auditable.

04

Transparent reasoning

Agent outputs stream reasoning steps so you see how it arrived at each recommendation. No black-box decisions.

Security by design, not by bolt-on.