Procurement, security audit, compliance sign-off — the three gates where enterprise AI projects stall. Vairity is engineered so they don't. Validation at generation, policy enforcement at execution, agent identity at runtime. Audit-defensible on the first build.
When you self-host, the Vairity platform runs inside your VPC, data center, or private cloud. Data stays within the boundary you operate unless you explicitly configure integrations or managed-cloud paths that your security review approves. No forced shared tenancy.
The Vairity platform deploys in your infrastructure via Docker Compose or Kubernetes. You own the runtime, the data, and the keys.
Multi-tenant isolation, team RBAC, and a credential vault with scoped access. No engineer sees credentials they don't need.
OntologyOS-powered audit trails produce human-readable evidence: "Blocked: PHI export to non-BAA region per HIPAA §164.502." Not a JSON trace your auditor has to interpret.
Finance, healthcare, insurance, government, and every enterprise software company whose customers have a security review — we built the compliance architecture before we built the product features. Because no enterprise team gets to "add security later" anymore.
In progress, targeting Q4 2026. Built to SOC 2 criteria from architecture inception — audit logs, access controls, change management, and availability monitoring all live in the platform today.
HIPAA-compliant deployment mode available for healthcare organizations. Data residency controls, PHI handling policies, and Business Associate Agreement (BAA) support.
Data residency controls ensure personal data stays in your specified region. Data subject request support and retention policy automation via workflow automation.
Self-hosted deployment in your own VPC, private cloud, or on-prem data center. Air-gapped deployments available for government and defense use cases.
Multi-tenant isolation with complete org-level separation. Granular RBAC across teams, workspaces, and integrations. Credential vault with scoped access per connector.
Every execution, every action, every change — logged, timestamped, and exportable. OntologyOS produces human-readable audit entries, not raw JSON. Replay any execution for investigation.
The Vairity platform deploys inside your infrastructure. Docker Compose for development and pilots. Kubernetes (with Helm charts) for production at scale. Your VPC, your cloud, your on-prem data center.
All agents, connectors, and the workflow engine run inside your environment. External calls — LLMs, connected services — only happen when your workflows explicitly invoke them.
Vairity speaks SOC 2, ISO 27001, HIPAA, and GDPR natively. Posture findings surface where your CISO already looks — control by control, with coverage, exceptions, and approval-SLA breaches mapped to the exact framework references your audit team will reach for.
| Requirement | Vairity Platform status |
|---|---|
| Self-hosted deployment | Available now |
| Role-based access control | Available now |
| Full audit log + replay | Available now |
| Credential vault | Available now |
| Multi-tenant isolation | Available now |
| Data encryption at rest | Available now |
| HIPAA deployment mode | Available now |
| GDPR data residency controls | Available now |
| SOC 2 Type II certification | Q4 2026 — in progress |
| SSO / SAML integration | Q4 2026 — in progress |
| Air-gapped deployment | Available — contact us |
We'll walk your security team through our architecture, controls, and deployment model.
Self-hosted · HIPAA mode · Air-gap available · Enterprise agreements
FAQ
Yes. The Vairity platform runs on your infrastructure — on-premises, private cloud, or air-gapped — so data stays within the environment boundary you control. We also offer managed cloud for teams that prefer it; your configuration and policy determine whether external services (for example LLM APIs) are permitted.
We are on the SOC 2 Type II roadmap. The platform is architected to SOC 2 standards — audit logging, access controls, least-privilege roles, and encrypted credential storage. Certification documentation is available to enterprise customers under NDA.
Yes. The Vairity platform has a HIPAA deployment mode: enforced data residency, disabled external model calls for PHI workflows, and enhanced audit logging. We offer BAAs for healthcare customers.
Through an encrypted credential vault. Secrets are stored encrypted at rest, never logged, and never exposed in agent context windows or audit trails. Each agent receives only the scoped credentials it needs — enforced at the platform level, not via trust.
Not by default. The Vairity platform is LLM-agnostic and supports fully local model deployment (Ollama, vLLM, private endpoints). If you configure an external provider, you control which workflows use it and exactly what data is passed. No data is ever sent to Vairity's servers from self-hosted deployments.