Security brief

Built for regulated enterprises

TrustPlane is an in‑VPC request‑path control plane. Compute and data stay in your cloud account; we standardize policy, routing, and audit across providers.

Architecture & data flow
Deployed inside your AWS/GCP/Azure account. The gateway/sidecar enforces SLOs and policy on the request path. Sensitive inputs/outputs never traverse a vendor‑hosted proxy.
Data protection
At‑rest encryption via your KMS (BYOK supported). In‑transit via TLS 1.2+. Optional PII detection + masking. Configurable retention and redaction for prompts, completions, and traces.
Identity & access
SSO/SAML/SCIM (Okta, Azure AD, Google). Role‑based and attribute‑based access controls for teams and workloads. Just‑in‑time access with immutable audit logs.
Network security
Private networking (VPC/VNet peering) with security groups and egress controls. No public ingress required for internal deployment modes.
Vulnerability management
Weekly dependency scanning, container image signing, and runtime baseline alerts. Customer images are scanned and attested prior to deploy.
Incident response
24×7 on‑call. Time‑bound triage SLAs and customer communications. Post‑incident reviews and corrective action tracking.
Compliance
SOC 2 program underway (Type II roadmap). GDPR alignment (DPAs, EU SCCs where applicable). Audit exports (per‑request lineage, policy hits, evaluator decisions).
Customer responsibilities
Manage IAM/KMS policies, network boundaries, and model vendor DPAs. We provide reference Terraform and hardening guides; you govern data residency and keys.