Enforces your policies, not the vendor's
Content filters in foundation models are written for a generic consumer. Your business has specific rules. Data classes you can't export, approval flows for certain actions, topics only some teams can ask about. The Platform enforces those. Yours. On every interaction.
Your rules run on every call
Policies are evaluated at request time. If a rule denies, the request never leaves your governed boundary.
Who is it?
identityRole, Space, jurisdiction. Identity resolved in one call.
What's in it?
contentContent inspection. Names and personal data, secrets, regulated categories, redaction rules.
What does policy say?
policyMatching rules evaluated in order. First match wins. Reasons captured.
Allow, deny, transform
actionBlock the call, approve it as-is, or rewrite the payload before it leaves.
Compliance that doesn't bend
Your AUP, executable
Upload your AI acceptable-use policy and we turn it into matchers. Every edit lands as a diff.
Transform, don't just block
When a prompt contains names or personal data, the Platform filters and continues. Users don't hit a wall, data still stays home.
Auditor-ready out of the box
Every decision emits an entry with matched rule, policy version, and full inputs. Export to your SIEM nightly.
What teams actually enforce
DPIA category blocking
Health Spaces can't send data to general-purpose models. Full stop. Logged.
Auto-redact before send
Customer emails with BSN/IBAN are tokenized before reaching any external model.
Legal hold interception
Accounts under legal hold route through a read-only policy that blocks deletion-capable tools.
Jurisdictional routing
A Dutch-government Space cannot select a model hosted outside EU. Enforced at runtime.
See your policy run against your prompts.
Share your AUP and three sample prompts. We'll wire the matchers on the call and show the allow/deny/transform decisions live.