Your data. Your infrastructure.
Enterprise-grade security with on-premise deployment. Private AI deployment on your infrastructure with complete data sovereignty and compliance control.
Security built-in
Not bolted on as an afterthought. Every component designed with security first.
On-Premise Deployment
Private AI deployment on your own infrastructure. AWS, GCP, Azure, or on-premise. Your data never leaves your network.
- Docker & Kubernetes ready
- Air-gapped deployment support
- No outbound data transfer
- Full infrastructure control
Fine-Grained RBAC
Four-tier team roles plus document-level permissions. Syncs with your existing identity provider.
- Owner, Admin, Editor, Viewer roles
- Document-level access control
- Permission inheritance
- Sync from Slack, Microsoft, Google
Governance & Policy Engine
Risk tiers T0-T5 classify every agent action. Policies resolve at platform, team, and agent levels with egress controls.
- 6 risk tiers (T0 unrestricted → T5 blocked)
- Cross-surface approval workflows
- Egress controls for external services
- Control Tower admin dashboard
Audit Logging
Every search, every access, every agent action is logged and queryable. Full compliance trail with reasoning traces.
- Complete access history
- Agent decision trace logging
- Tool execution with redacted params
- Configurable retention policies
Input & Output Guardrails
Multi-layer protection: content moderation, injection detection, PII filtering, hallucination detection, and source verification. Tool-result outputs are guardrail-checked before the agent can incorporate them, so a database query or external API response containing PII is redacted or blocked before it reaches the LLM. Apply organizational data retention policies to govern how long conversation memory and learned procedures are stored.
- Prompt injection detection
- PII detection & redaction on user input and final responses
- Hallucination detection (lexical + semantic)
- Tool-result output guardrails before agent ingestion
- Per-team configurable rules
Identity Federation
Map users across Slack workspaces, Azure AD, Google Workspace, and OIDC providers. Permission-aware search across all surfaces.
- Slack workspace → user mapping
- Azure AD identity federation
- Google Workspace integration
- OIDC SSO (Keycloak, Auth0, Okta, Azure AD, Google)
- SAML available on Enterprise plans
Compliance & Certifications
Meeting enterprise requirements.
SOC 2 Type II
Working toward SOC 2 Type II certification for our cloud offering.
GDPR Ready
Data processing agreements, right to erasure, and data portability support.
HIPAA Eligible
On-premise deployments can meet HIPAA requirements with proper configuration.
Data Residency
On-premise deployment gives you complete control over data location.
Choose your deployment
Cloud or on-premise. You decide.
ZenSearch Cloud
Managed hosting at app.zensearch.ai. We handle infrastructure, you focus on search.
- Automatic updates
- Managed backups
- 99.9% uptime SLA (Enterprise)
- SOC 2 compliance (in progress)
On-Premise
On-premise AI deployment. Full control, full privacy, full customization.
- Docker & Kubernetes
- Air-gapped support
- Custom VPC/network
- Bring your own LLM
Ready for a security review?
We're happy to walk through our security architecture with your team. Request a detailed security questionnaire or schedule a call.