Security, privacy & compliance

Venturi is the enterprise system of record for AI consumption — and it is engineered so that the highest-risk objection a security team can raise ("an attribution tool that sees all of our AI traffic is itself a breach surface and an availability risk") is answered by architecture, not by promise.

This section is written for the people who review Venturi before it is deployed: your security team, your privacy and data-protection office, your procurement reviewers, and — where it applies — your EU works council. Every claim here is grounded in the platform's binding architecture and its published controls.

The security posture in one page

  1. Venturi runs inside your own trust boundary. The data plane deploys VPC-native in your cloud account. Your transactional and AI-invocation data never leaves that boundary. The control plane is outbound-only — it initiates nothing inbound.
  2. Every integration is read-only, enforced at the IAM layer with an explicit Deny on all write actions. Venturi cannot mutate a system it reads from.
  3. Venturi cannot take your AI traffic down. The gateway is fail-open with a hard 50 ms timeout: under any failure, your request is forwarded unmodified. Fail-open is not configurable.
  4. Outputs are confidence-bounded so financial decisions never rest on false precision. Operational confidence is capped at 0.95; only attributions at or above 0.80 are chargeback-eligible.
  5. Adoption intelligence is cohort-only by construction (minimum cohort of 5). Venturi performs no individual-worker profiling and no emotion or behavioral-state inference.
  6. No prompt or completion content is ever stored. Venturi attributes consumption from metadata.

How to read this section

The pages below describe Venturi's security architecture as it works when deployed. Throughout, in-architecture controls are stated plainly in the present tense, and the forward compliance program (SOC 2, the formal GDPR program, the EU AI Act registration) is presented as a clearly labeled roadmap with explicit phase gates. We never imply Venturi holds an attestation it does not yet hold.

| Page | What it answers |
| --- | --- |
| Security architecture | Where Venturi runs, the trust boundary, read-only integrations, encryption, secrets, the fail-open guarantee, and the threat model. |
| Tenant isolation | How your data is isolated from every other tenant: per-tenant stores and keys, cross-tenant rejection, and break-glass support access. |
| Data privacy & retention | What Venturi does and does not collect, the 13-month retention default, and crypto-shred erasure. |
| Data-subject rights | How access, erasure, and portability requests are handled, and Venturi's processor role. |
| Residency & subprocessors | Where data lives, region pinning, and the minimal subprocessor surface. |
| Compliance | SOC 2 readiness, GDPR posture, CCPA, and EU AI Act self-classification. |
| Trust center | The consolidated trust summary, the control framework crosswalk, and how to request diligence artifacts. |

The invariants behind everything

A small set of frozen invariants shapes every security control in this section. They hold on every deployment and cannot be configured away.

Fail-open is absolute on your AI traffic

No code path may block or degrade a live customer AI request. The synchronous gateway works to a 50 ms P99 end-to-end budget and fails open on breach — your traffic is forwarded unmodified and the event is logged with null attribution. Authentication, authorization, tenant isolation, export, and billing fail closed; customer traffic never does. See Security architecture.
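The fail-open behaviour described above, shown as an added illustration that is not Venturi's own code. The function names, the request shape and the event record are assumptions; only the 50 ms timeout, forwarding the request unmodified, and logging a null attribution come from this page.

```python
import asyncio
import copy

TIMEOUT_S = 0.050  # hard gateway timeout stated on this page (50 ms)

async def gateway(request, attribute, forward, events):
    """Forward `request` unchanged whether or not attribution succeeds."""
    attribution = None
    try:
        # Attribution works on a private copy of the metadata only, so it
        # can neither read the body nor mutate what is forwarded.
        metadata = copy.deepcopy(request["metadata"])
        attribution = await asyncio.wait_for(attribute(metadata), TIMEOUT_S)
    except Exception:  # timeout or any attribution fault: fail open
        attribution = None
    events.append({"attribution": attribution})  # null attribution is logged
    return await forward(request)

# Constructed stand-ins for the attribution engine and the upstream provider.
async def attribute_ok(meta):
    return {"project": meta["project"], "confidence": 0.91}

async def attribute_slow(meta):
    await asyncio.sleep(1.0)  # far over the 50 ms budget
    return {"project": meta["project"], "confidence": 0.91}

async def attribute_crash(meta):
    meta["project"] = "tampered"  # touches only the private copy
    raise RuntimeError("attribution store unreachable")

async def forward(request):
    return request  # echo what the upstream provider would receive

def run_case(attribute):
    """Return (forwarded request equals original, logged attribution)."""
    request = {"metadata": {"request_id": "r-1", "project": "demo"},
               "body": "opaque"}  # constructed sample request
    original = copy.deepcopy(request)
    events = []
    sent = asyncio.run(gateway(request, attribute, forward, events))
    return sent == original, events[0]["attribution"]

if __name__ == "__main__":
    for fn in (attribute_ok, attribute_slow, attribute_crash):
        print(fn.__name__, run_case(fn))
```

When reviewing a gateway of this kind, the property to test is that every exit from the attribution step, including timeouts and unexpected exceptions, reaches the forward call with the original request.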

Read-only integrations, enforced at IAM

Every connector carries read-only scopes only, and the IAM policies attached to Venturi's workloads contain an explicit deny on all write actions. This is a frozen invariant: write permissions cannot be added.

No content capture

Content inspection is disabled by default. Venturi processes invocation metadata — identity, service, project, cost, tokens, timing — never prompt or completion bodies. Provider API keys are stored only as a truncated, non-reversible prefix.

Honest confidence, never false certainty

Operational confidence (c_oper) is policy-capped at 0.95 and cannot be raised. Only c_oper ≥ 0.80 is chargeback-eligible. Unknown cost is reported as unknown, never as zero. See the confidence model.

Where to start

For the technical system context these controls protect, see How Venturi works and the full System architecture.