SECURITY

The firm’s data. The firm’s infrastructure. Our reasoning.

RAM Core runs inside the firm’s environment, isolated from every other firm, and never trains on a single deal.

Book Demo

ARCHITECTURE

THE FIRM’S ENVIRONMENT
THE FIRM’S VPC / CLOUD
RAM CORE

Deal data does not leave this boundary.

01

Private deployment.

RAM Core deploys into the firm’s environment — its VPC, its cloud, under its control. The intelligence comes to the infrastructure rather than pulling data out of it. The firm holds the keys, the network boundary, and the audit trail.

02

Data isolation.

There is no shared model reasoning across firms, and no cross-client data. Each firm’s context is walled off by design — RAM Core reasons over that firm’s deals and only that firm’s deals. Another firm’s data never touches the instance.

03

No training on client data.

Client deals do not train the model. RAM Core reasons over the firm’s data in the moment; it does not learn from it and carry it forward into anything else. No customer data is ever used to train any model — ours or anyone’s.

SOC 2 — WHERE WE ARE

SOC 2 Type II — in progress. We will not display a badge until we have earned it.

QUESTIONS YOUR CISO WILL ASK

Where does our data live?

Inside your environment. RAM Core deploys to your VPC and cloud; your data does not leave your infrastructure to be reasoned over.

Is our data used to train any model?

No. RAM Core does not train on your deals, and no customer data is ever used to train any model — ours or anyone’s.

Can another client’s instance see our data?

No. Instances are isolated. There is no shared reasoning layer and no cross-client data.

Are you SOC 2 certified?

Not yet. SOC 2 Type II is in progress. We will show you what controls are in place today and will not claim certification until it is earned.

Who can access our instance and how is that logged?

Access is firm-controlled. Your administrator invites users; no self-signup exists, and access is revocable immediately by the firm admin. Three tiers: Admin (provisioning, configuration), Analyst (full query and output access), and Read-only (output review only). Every query, output, and document ingestion is logged with timestamp, user identity, and action — the log is append-only and available to your compliance contact.

Talk to us about your deployment.

Bring your CISO. We will walk through architecture, isolation, and where certification stands.

Book Demo