Trust center

Data handling with clear boundaries.

We operate the ITGC testing workflow and produce the workpaper evidence; your licensed auditor concludes and signs. Evidence lives in your dedicated tenant with row-level isolation at the database engine; an append-only audit trail records every material action; AI never finalizes a conclusion. Mutual NDA available on request as part of scoping; data-handling, breach-notification, and post-termination deletion terms are bargained per customer in the Master Services Agreement.

§ 01   Who concludes, who signs
  1. We operate

    Sampling, evidence mapping, AI testing, quality review, and exception triage run under our operation inside your dedicated tenant. Nothing auto-finalizes.

  2. We produce

    The workpaper + evidence-testing record, with full provenance on every AI determination — model, confidence, evidence excerpts, rationale.

  3. You conclude & sign

    Your auditor reviews and accepts or overrides every AI result; no unreviewed AI result can lock a control. The professional judgment is the authoritative gate.

In a Managed Operation engagement, muratov.io (operated by Bonfleur s.r.o.) is not a CPA firm, audit firm, law firm, or consultancy and renders no opinion, assurance, or attestation — the same boundary printed in the exported workpaper's required legal preamble.

§ 02   AI processing

Evidence-first determinations, fully attributed

Evidence-first means no mapped evidence yields INCONCLUSIVE, an empty fact value yields FAIL not PASS, and no model returns Pass/Fail without an evidence quote. Every AI result carries full provenance — extracted facts with a 0–100% confidence score, evidence excerpts, rationale, the model used (Claude Haiku 4.5 / Sonnet 4.6; Opus 4.8 for advanced analysis), and evidence IDs. Mandatory auditor review on every result before sign-off.

AI inference: Anthropic Claude API (US; no model training on customer data, per Anthropic's commercial-API terms — 7-day API log retention)

§ 03   Data storage & sub-processors

Where your data lives

Primary customer data is stored in the United States on Neon — the only US-anchored sub-processor; transactional processors operate in their own regions per their published policies. Eight named sub-processors deliver the platform:

Sub-processors and their purpose
Neon: Managed PostgreSQL (US) — primary customer data, automated point-in-time recovery
Clerk: Authentication sessions + user metadata
Anthropic: AI inference (see § 02)
Vercel: Hosting + platform delivery + transactional log storage
Vercel Blob: Evidence-file blob storage, tenant-scoped paths; customer audit files at rest
Pinecone: Content-retrieval index, tenant-isolated namespacing, exact-text matching
Upstash: Redis rate-limit + locks — request IPs + user identifiers only; no customer audit content
Resend: Transactional email for contact-form delivery

The authoritative per-customer Sub-Processor list is maintained in MSA Schedule A with 30-day change-control notice.

§ 04   Encryption & evidence integrity

Hashed, proxied, immutable

TLS 1.2+ (HSTS enforced); encryption at rest by Neon (AES-256). SHA-256 content hash on every uploaded evidence file, surfaced in the Evidence Index. Evidence blob URLs are never exposed in API responses — an authenticated, tenant-verified download proxy serves the bytes. Append-only audit trail: UPDATE/DELETE blocked by database immutability triggers.

§ 05   Tenant isolation

Engine-enforced, defense-in-depth

PostgreSQL Row-Level Security, session-bound via set_config inside transactions, on all 22 tables; application-layer tenant filtering as defense-in-depth. Composite foreign keys enforce the cross-tenant invariant at the SQL layer. Cross-tenant access returns 404 (not 403) so existence is not leaked. Server-side authz on every entry point; fail-closed middleware.
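
The mechanisms named in § 04 and § 05 (transaction-bound Row-Level Security, composite foreign keys, an append-only audit trail), sketched in PostgreSQL as an added example. This is not muratov.io's schema: every table name, the trigger function, and the app.tenant_id setting are hypothetical, and the TRUNCATE trigger goes beyond the UPDATE/DELETE blocking the page states.

```sql
-- Added example. All object names and the app.tenant_id setting are hypothetical.
CREATE TABLE controls (
  tenant_id uuid NOT NULL,
  id        uuid NOT NULL DEFAULT gen_random_uuid(),
  name      text NOT NULL,
  PRIMARY KEY (tenant_id, id)
);
CREATE TABLE samples (
  tenant_id  uuid NOT NULL,
  id         uuid NOT NULL DEFAULT gen_random_uuid(),
  control_id uuid NOT NULL,
  PRIMARY KEY (tenant_id, id),
  -- Composite FK: a sample can only point at a control in the same tenant.
  FOREIGN KEY (tenant_id, control_id) REFERENCES controls (tenant_id, id)
);
CREATE TABLE audit_log (
  tenant_id uuid        NOT NULL,
  id        bigint      GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
  at        timestamptz NOT NULL DEFAULT now(),
  action    text        NOT NULL
);

-- FORCE applies the policy to the table owner too; superusers and BYPASSRLS
-- roles still skip it, so the application must connect as neither.
ALTER TABLE controls ENABLE ROW LEVEL SECURITY;
ALTER TABLE controls FORCE ROW LEVEL SECURITY;
-- An unset setting reads as NULL and a reset one as '', so NULLIF makes both
-- compare as NULL: no rows visible, no rows writable (fail closed).
CREATE POLICY tenant_isolation ON controls
  USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
  WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);
-- (repeat ENABLE / FORCE / CREATE POLICY for samples and audit_log)

-- Append-only audit trail: reject row changes and, beyond the page, TRUNCATE.
CREATE FUNCTION audit_log_reject_change() RETURNS trigger LANGUAGE plpgsql AS $$
BEGIN
  RAISE EXCEPTION 'audit_log is append-only: % rejected', TG_OP;
END $$;
CREATE TRIGGER audit_log_no_update_delete BEFORE UPDATE OR DELETE ON audit_log
  FOR EACH ROW EXECUTE FUNCTION audit_log_reject_change();
CREATE TRIGGER audit_log_no_truncate BEFORE TRUNCATE ON audit_log
  FOR EACH STATEMENT EXECUTE FUNCTION audit_log_reject_change();

-- Per request: bind the tenant for this transaction only (third argument true),
-- so a pooled connection cannot carry one tenant's context into the next request.
BEGIN;
SELECT set_config('app.tenant_id', '00000000-0000-0000-0000-000000000001', true);
SELECT id, name FROM controls;   -- only this tenant's rows
COMMIT;
```

When reviewing a deployment of this pattern, confirm that the application role cannot disable triggers or alter policies (it should not own the tables) and that no code path queries outside a transaction that has called set_config.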

§ 06   Sign-off gates & quality review

A control cannot lock until gates clear

Named sign-off gates — testing, QC acknowledgment, AI review, exception closure, traceability, 80% coverage minimum. Hard blockers are separated from informational warnings. Quality review runs 6 control-level checks plus 29 per-sample data-integrity check types (self-approval, segregation-of-duties, post-termination activity, SLA breaches); 8-step workflows (Access / Security / Change) and 9-step (Operations).

§ 07   Incident response

Governed by the MSA

Breach-notification timing/scope is governed by the per-customer MSA breach-notification clause. Our internal incident-response runbook (severity taxonomy + forensic-preservation procedure) is shared under NDA during procurement review, with post-incident root-cause documentation. No uptime SLA is claimed — availability is reasonable-efforts per the MSA.


The same architecture runs custom audit-workflow platforms for other streams.


Session-bound multi-tenant isolation, append-only audit trail, deterministic seeded sampling, evidence-first AI with mandatory human sign-off, gated workflows. A capability portfolio — no assurance, compliance guarantee, or attestation.

Have specific requirements?

Mutual NDA available on request as part of scoping. Data-handling, breach-notification, sub-processor, and security-review questions are addressed during the scoping call.