Execution
Local and isolated
Managed deployment inside the customer-controlled environment. Your IT controls physical and network access, and the serving path is designed for local/offline operation.
Security starts with keeping sensitive work local.
adapterOS is designed for managed on-prem/offline deployment where sensitive records, policy surfaces, and proof records stay reviewable inside the customer-controlled environment.
Security summary
- Sensitive records are served locally/offline according to engagement scope, with no external AI calls during serving.
- Meaningful workflows produce a reviewable record: cited answer, receipt, policy context, and proof status.
- No third-party model training. Your data is never used to train external models or shared with third parties.
- Proof limitations should be visible when evidence is degraded or incomplete.
Access control
Policy-governed
Policy categories cover egress, evidence, isolation, retention, compliance, and incident handling. Specific operating boundaries are reviewed before activation.
Evidence
Reviewable operation
Citations, receipt records, policy context, proof packets, and dependency boundaries are designed for internal review and audit processes.
Receipts and review
Receipts bind each result to review context, so your team can inspect what happened later without depending on screenshots or operator memory. Public materials describe the evidence model at a high level; implementation specifics are shared only during qualified deployment discussions.
- Designed to support internal review, audit preparation, and incident response.
- Built to preserve enough evidence for controlled reconstruction without disclosing the full implementation on the public site.
Public security boundaries
Public materials describe reviewable boundaries without publishing proprietary receipt schemas, routing math, or replay internals.
| Boundary | Public claim | Review artifact |
|---|---|---|
| Customer records | Customer-controlled environment | Source boundary and data-touched record |
| Serving path | Local/offline according to engagement scope | Run receipt and system context |
| Policy | Egress, evidence, isolation, retention, compliance, incident handling | Policy record and proof status |
| Public website | Inquiry and briefing data only | Privacy policy and website dependency list |
Compliance alignment
adapterOS is designed for environments with regulatory requirements. The architecture supports evidence generation for frameworks including CMMC, HIPAA, SOC 2, and ITAR.
These describe design alignment, not certification claims. The system produces evidence artifacts that support your compliance workflows. Detailed compliance mapping is available during deployment discussions.
External dependencies
We minimize external service dependencies. For transparency, the following services are used outside the on-premises system:
| Service | Purpose | Data shared |
|---|---|---|
| Resend | Email delivery for website inquiries | Email address only |
| Cloudflare | Website hosting and CAPTCHA verification | Standard web request data |
These services support the marketing website only. The on-premises adapterOS system has no runtime dependency on external services.
Security contact
Report security issues to security@adapteros.com. Include a description of the issue, affected components, and steps to reproduce.
We acknowledge security reports within 2 business days and provide an initial assessment within 5 business days.
Need security documentation for your review process?
We share detailed security and evidence materials during qualified deployment discussions.