Security & data control

Built for businesses that can't afford to lose control of their data.

Auxetic ships in two shapes: a hosted SaaS tier for most businesses, and an air-gapped Sovereign tier for regulated industries where data cannot leave the building.

SaaS controls

The default tier

What every customer gets on day one — without an enterprise contract.

✓

EU hosting option

Choose a European region for storage and compute.

✓

Encryption in transit & at rest

TLS everywhere; managed encryption for stored data and artifacts.

✓

Role-based access

Workspace- and dataset-level permissions for your team.

✓

Customer-controlled deletion

Delete a dataset and its artifacts on request; full account deletion on close.

✓

PII detection

We flag emails, phone numbers, credit-card patterns, and other PII at profile time.

✓

Tenant isolation

Per-dataset, read-only analytical views — no cross-tenant data access.

✓

No foundation-model training

Your data is never used to train foundation models. Period.

✓

Audit-ready activity logging

Upload, profile, forecast, and report activity logged per workspace.

Sovereign tier

Air-gapped on-prem, for businesses where data cannot leave the building.

Designed for the industries where client privilege, regulation, or contract prevents data from ever touching a public API.

How it works

→Local LLM bundled — no calls to Anthropic, OpenAI, or any external API.
→Signed offline installer (Docker Compose or Kubernetes Helm), delivered as a single artifact.
→Customer-controlled storage, updates, and license validation.
→Telemetry hard-off — no outbound network from the deployment by default.
→Updates applied offline from signed artifact bundles you review before installing.

Built for

→Law firms — Matter intake, billable utilization, win-rate, conflicts. Client privilege is non-negotiable.
→Financial services — Funds, asset managers, banks (MAR / MiFID / SEC contexts).
→Healthcare — Patient flow, claims, billing in HIPAA-controlled environments.
→Defense / gov contractors — ITAR-, CMMC-, and DoD-IL-constrained workloads.
→Pharma / biotech — Trial data, formulations, and other IP-sensitive analytics.

Status

The Sovereign tier is in active development and we're in design-partner conversations now. If your industry needs air-gapped AI analytics, we want to talk — get in touch and we'll shape it around your security and compliance requirements.

Talk to us about Sovereign

Compliance posture

Architected around the controls your reviewers expect.

GDPR-ready architecture

EU hosting option, deletion on request, retention controls, and no foundation-model training on customer data by default. Formal compliance statements follow legal review.

SOC 2 in scope

We're architecting to the SOC 2 Type II control set. Certification is on the roadmap; design-partner readiness comes first.

HIPAA-ready (Sovereign tier)

Air-gapped deployments are designed to fit HIPAA-controlled environments. BAA available on the Sovereign tier.

DPA available

Data Processing Agreement template available for enterprise customers on request.

We avoid casual compliance claims. Specific frameworks (SOC 2 Type II, ISO 27001, HIPAA) will be confirmed publicly only after audit. Internally, we're already architecting toward them.

Auditable forecasting

Every forecast comes with its receipts.

Three forecasts, not one black box

Each source's prediction, backtest, and the personas' critique are inspectable. You see which model said what, who disagreed, and why.

Confidence scores, not vibes

Panel-agreement score, per-source backtest accuracy, and interval coverage — not just a single interval and a hope.

Outliers surfaced

Data-quality outliers at profile time; forecast-residual outliers in backtest. Easy to find, easy to action.

Dissent preserved

If one of the three forecasts disagreed, the minority view is kept as a caveat — not silently discarded.

Read more about how Auxetic forecasts →

AI data policy

What our AI sees, and what it doesn't.

Your raw business data stays in your storage. The AI analyst and profiler operate against the dataset via read-only DuckDB views; only the results of explicit tool calls (SQL aggregates, forecast outputs, chart specs) are summarized back to the language model.

Foundation-model training is opt-out by default. We don't use customer data to train models. SaaS LLM calls go to our provider (Anthropic) under their no-training policy; Sovereign deployments use a local LLM and make no external calls at all.

Numbers in the answer come from the data. The analyst has a numeric-grounding guardrail: figures quoted in an answer must trace to a tool result. Untraceable numbers are flagged as unverified.

Ready to stop guessing?

Join early access and see how Auxetic turns your sales, demand, cash-flow, and operational data into predictive clarity.

Join the waitlist Try the product

We'll invite selected businesses for a Forecast Readiness Audit.