Home / Trust
Security & Governance
Enterprise-grade security and controls.
Infrastructure, architecture, guardrails, and human oversight: Nous AI holds every layer to rigorous standards, keeping your data secure, private, and under your control.
Defence in depth.
No model training
We never use your data to train artificial intelligence models, ours or anyone else's.
Data sovereignty
Your data is hosted in European data centres. It's yours, and it stays that way.
Data control
You control what's ingested at a granular level, and can delete your data at any time.
Data isolation
By design, your data is kept isolated from other customers' data.
Encryption
Encrypted at rest with AES-256 and in transit with TLS 1.2 or higher.
Single sign-on
Sign in through your identity provider, so your MFA and session policies apply.
Network restrictions
Optional IP allow-listing restricts access to the networks you control.
Permissions enforced
Source-level permissions enforced at retrieval time, so people see only what they're entitled to.
Grounded responses
Our architecture keeps responses grounded in your sources, verifiable and auditable.
Traceable decisions
Decisions are recorded with their reasoning in audit-ready logs, ready when compliance asks why.
Human-in-the-loop oversight
Escalation and review controls that hand off to a human the moment judgement is needed.
Model-agnostic by design
Resilient to model outages, rate limits and API changes, so you keep improving without re-platforming as the best model changes.
Engineered for trust and human control.
Multi-layered guardrails, deterministic layers where correctness is non-negotiable, and graceful handoffs to humans wherever judgement is needed.

Your knowledge base
Permissions attached, encrypted at rest.
Strictly scoped retrieval
Permissions enforced; deterministic filters applied.
Grounded generation
Answers only from what retrieval returned.
Multi-layered guardrails
Hallucination blocked; policy and scope enforced.
Answer, on the record
Citations attached, reasoning logged.
Boundaries respected
Every output and action stays within the scope you define.
Deterministic layers
Numerical work is detected and calculated by code; key integrations run deterministically.
Human oversight
Deliberate, graceful handoffs to a human wherever judgement is needed, with full context.
Frequently asked questions.
Is our data used to train AI models?
We never use your data to train artificial intelligence models, ours or anyone else's.
How is our data isolated from other customers?
Each client is provisioned in a logically segregated tenant. All data access runs through a tenant-aware data layer that constrains every read and write to the requesting tenant, and retrieval is strictly bounded to your knowledge base.
Where is our data stored, and how is it encrypted?
In European data centres, encrypted at rest with AES-256 and in transit with TLS 1.2 or higher.
Who can access our data?
Your users, under your rules: single sign-on with your identity provider means your authentication policies apply, and permission-aware retrieval keeps each user inside what the source systems already entitle them to see. You can additionally restrict access to your own network ranges.
On our side, production access is least-privilege: limited to authorised engineers whose roles require it, via strong authentication over a secure corporate VPN.
What happens to our data if we leave?
You can request deletion of specific datasets or your entire tenant at any time, confirmed in writing. After termination, all client data, including primary stores and backups, is securely and irreversibly deleted within 90 days, unless law requires longer.