Home / Trust

Security & Governance

Enterprise-grade security and controls.

Infrastructure, architecture, guardrails, and human oversight: Nous AI holds every layer to rigorous standards, keeping your data secure, private, and under your control.

Defence in depth.

No model training

We never use your data to train artificial intelligence models, ours or anyone else's.

Data sovereignty

Your data is hosted in European data centres. It's yours, and it stays that way.

Data control

You control what's ingested at a granular level, and can delete your data at any time.

Data isolation

By design, your data is kept isolated from other customers' data.

Encryption

Encrypted at rest with AES-256 and in transit with TLS 1.2 or higher.

Single sign-on

Sign in through your identity provider, so your MFA and session policies apply.

Network restrictions

Optional IP allow-listing restricts access to the networks you control.

Permissions enforced

Source-level permissions enforced at retrieval time, so people see only what they're entitled to.

Grounded responses

Our architecture keeps responses grounded in your sources, verifiable and auditable.

Traceable decisions

Decisions are recorded with their reasoning in audit-ready logs, ready when compliance asks why.

Human-in-the-loop oversight

Escalation and review controls that hand off to a human the moment judgement is needed.

Model-agnostic by design

Resilient to model outages, rate limits and API changes, so you keep improving without re-platforming as the best model changes.

Engineered for trust and human control.

Multi-layered guardrails, deterministic layers where correctness is non-negotiable, and graceful handoffs to humans wherever judgement is needed.

Trust at every stageNous AI
01 · Ingest

Your knowledge base

Permissions attached, encrypted at rest.

02 · Retrieve

Strictly scoped retrieval

Permissions enforced; deterministic filters applied.

03 · Generate

Grounded generation

Answers only from what retrieval returned.

04 · Guard

Multi-layered guardrails

Hallucination blocked; policy and scope enforced.

05 · Deliver

Answer, on the record

Citations attached, reasoning logged.

Boundaries respected

Every output and action stays within the scope you define.

Deterministic layers

Numerical work is detected and calculated by code; key integrations run deterministically.

Human oversight

Deliberate, graceful handoffs to a human wherever judgement is needed, with full context.

Frequently asked questions.

Is our data used to train AI models?

We never use your data to train artificial intelligence models, ours or anyone else's.

How is our data isolated from other customers?

Each client is provisioned in a logically segregated tenant. All data access runs through a tenant-aware data layer that constrains every read and write to the requesting tenant, and retrieval is strictly bounded to your knowledge base.

Where is our data stored, and how is it encrypted?

In European data centres, encrypted at rest with AES-256 and in transit with TLS 1.2 or higher.

Who can access our data?

Your users, under your rules: single sign-on with your identity provider means your authentication policies apply, and permission-aware retrieval keeps each user inside what the source systems already entitle them to see. You can additionally restrict access to your own network ranges.

On our side, production access is least-privilege: limited to authorised engineers whose roles require it, via strong authentication over a secure corporate VPN.

What happens to our data if we leave?

You can request deletion of specific datasets or your entire tenant at any time, confirmed in writing. After termination, all client data, including primary stores and backups, is securely and irreversibly deleted within 90 days, unless law requires longer.