
Trust Center

Your data stays isolated, governed, and yours to audit.

Bringing AI into your delivery pipeline raises a fair question: who can see your data, what can the platform do on its own, and can you prove it later. This page lays out how IntegraCI answers each one. The same controls protect every tenant, from a guided evaluation to a self-hosted, air-gapped install.

  • Tenant isolation: Database-enforced row-level security, closed by default
  • Deployment: Self-host up to fully air-gapped, or managed
  • Audit trail: SHA-256 hash-chained, tamper-evident, exportable
  • Secrets: Held in a dedicated store; the database keeps only a reference
  • Identity: Your IdP stays the source of truth; SSO / SAML from the Team plan
  • Sub-processors: A small, listed set for managed; none you do not control when self-hosted

Data isolation

One tenant cannot read another, and the database enforces it.

A tenant reading another tenant's data is the failure you can least afford to explain. IntegraCI uses database-enforced row-level security, so the boundary holds in the database even when a query forgets to scope itself.

  • Enforced in the database

    Tenant isolation runs on database-enforced row-level security, so the database itself blocks one tenant from reading another. It does not depend on app code remembering to filter.

  • Closed by default

    A request with no tenant context gets nothing back, not everything. When isolation breaks, it breaks safe. Background jobs follow the same rule.

  • Two layers, not one

    The application scopes its own queries as a second line of defence. The hard guarantee sits underneath it, in the database row policies.

[Figure: Tenant lanes under row-level security. tenant_a and tenant_b each hold their own services, secrets, and audit data; a read from tenant_a into tenant_b is denied. Closed by default.]

Governance and audit

Nothing acts unchecked, and everything is on the record.

IntegraCI is AI-native, so automation can move work forward on its own. That only works if a human keeps the say and the trail holds up. Every action runs through policy, the sensitive ones wait for approval, and what happened is written down in a form an auditor can verify.

  • AI runs behind a gate

    AI actions pass through a governed gateway with policy-as-code checks. Anything sensitive stops for a human to approve before it proceeds.

  • Policy as code

    Your rules are versioned and evaluated on every run, not reviewed by hand once a year. A change that breaks policy is blocked, not flagged after the fact.

  • Tamper-evident trail

    Every action is recorded once and chained, so the trail you export proves itself. Edit a record and the chain stops adding up.
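
How a SHA-256 hash chain makes an exported trail check itself, as an added illustration; this is not IntegraCI's code or export format. The record layout, the all-zero genesis value, and the function and field names are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor for the first record (not from the page)


def record_hash(prev_hash, entry):
    """SHA-256 over the previous hash plus a canonical JSON form of the entry."""
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(chain, entry):
    """Record an action once, linked to the hash of the record before it."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"entry": entry, "prev": prev, "hash": record_hash(prev, entry)})


def verify(chain, expected_head=None):
    """Return (ok, index of the first record that fails, or None)."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != prev or rec["hash"] != record_hash(prev, rec["entry"]):
            return False, i
        prev = rec["hash"]
    # Dropping records from the end leaves a shorter chain that still adds up,
    # so compare against a head hash kept outside the exported trail.
    if expected_head is not None and prev != expected_head:
        return False, len(chain)
    return True, None


def sample_chain():
    """Constructed sample records; field names are hypothetical."""
    chain = []
    for entry in (
        {"actor": "ai-gateway", "action": "open_pr", "tenant": "tenant_a"},
        {"actor": "alice", "action": "approve_deploy", "tenant": "tenant_a"},
        {"actor": "ai-gateway", "action": "deploy", "tenant": "tenant_a"},
    ):
        append(chain, entry)
    return chain


if __name__ == "__main__":
    trail = sample_chain()
    head = trail[-1]["hash"]
    trail[1]["entry"]["actor"] = "mallory"  # edit one record after the fact
    print(verify(trail, head))
```

An edited record fails at its own index; if its hash is recomputed to match, the failure moves to the next record, whose `prev` link no longer agrees.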

Compliance policy bundles

Map your controls to the frameworks you report against.

IntegraCI ships policy bundles with controls mapped to the frameworks regulated teams answer to. The rules ship as code, so they are versioned and checked on every run instead of reconstructed by hand before a review.

SOC 2

Controls mapped to the Trust Services Criteria, evaluated on every run.

ISO 27001

Annex A controls as policy bundles you can read, version, and test.

GDPR

Data export and right-to-erasure workflows built in.

PCI-DSS

A policy bundle for the controls in scope for cardholder-data teams.

HIPAA

Safeguard controls mapped for teams handling PHI.

NIST 800-53

Control families mapped as versioned, tested policy.

Policy bundles, not a certification

These are compliance policy bundles for SOC 2, ISO 27001, GDPR and more, with controls mapped to each framework. They are not a certification or a claim of being certified. They give you policy you can run, read, and test against the standard you report on.

Data handling and sub-processors

We hold pointers and results, not your source.

IntegraCI sits over the tools you already run rather than replacing them. You connect your own CI, your own SAST scanner, and your own cloud, so the bulk of your data never leaves your systems.

  • You connect your own tools

    IntegraCI talks to the CI, scanners, and clouds you already run through a broad library of connectors. Your code and artefacts stay in your systems. We hold pointers and results, not your source.

  • Credentials live in a dedicated store

    Connector secrets go straight to a secrets store at install. The application database holds a reference, never the value, so a leaked database hands over no usable credential.

  • Sub-processors kept to a minimum

    A managed deployment uses a small, listed set of infrastructure sub-processors. Self-host and the list is yours. We share the current list on request.

Where it runs

Keep it inside your network, down to fully air-gapped.

Some teams cannot send data anywhere outside their own walls. IntegraCI runs self-hosted, including air-gapped, with no outbound calls. If you would rather not run it yourself, a managed deployment carries the same controls.

  • Self-host, up to air-gapped

    Run the whole platform inside your own network, including fully air-gapped installs with no outbound calls. The same isolation and audit controls apply.

  • Managed, if you prefer

    Let us run it for you on a managed deployment, with the same governance and tenant isolation as the self-hosted build.

  • Identity stays yours

    Your identity provider remains the source of truth for access. Single sign-on with SAML is included from the Team plan up, and automated provisioning (SCIM) comes with Enterprise.

Responsible disclosure

Found a security issue? Tell us.

We want to hear about it. Reports go straight to our security team, and we ask only that you give us reasonable time to remediate before any public disclosure. The reporting form and our handling process live on the security page.

Want the detail behind every control?

The security page walks through tenant isolation, the audit trail, secret handling, and the policy bundles, with the reasoning behind each one. Read it before your next review.