Security & trust

A posture, not a badge strip.

This page is honest about what’s shipped today and what’s on the roadmap. The architectural choices that make future audits easy — per-tenant isolation, encryption at rest, no training on your data, an immutable audit log — are already in the product. The badges come after the auditors have signed off, not before.

SOC 2 Type II: On the roadmap. Controls designed to map to CC-series criteria from day one. Audit planned ahead of general availability.
GDPR: DPA available. Data hosted in the EU today. DPA ready to sign for every workspace.
ISO 27001: ISMS in design. Policies drafted against ISO 27001:2022. Certification follows SOC 2.
FedRAMP · HIPAA: Not in scope. No gov-cloud or healthcare-regulated roadmap today. We say so up front so procurement doesn’t have to ask.
Four pillars

How we think about security.

01 / ISOLATE

Isolated per tenant

Every workspace is a logically isolated tenant. Postgres row-level security gates every query; embeddings and knowledge chunks carry workspace IDs; nothing crosses the boundary.

  • Per-tenant data via Postgres RLS
  • Per-tenant vector store
  • No cross-tenant inference
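The isolation described above relies on the database, not the application, refusing to return another workspace's rows. The following PostgreSQL script is an added example of that pattern and is not Sempleo's schema; the table, column, role and setting names (knowledge_chunks, workspace_id, tenant_app, app.workspace_id) are assumptions. It also shows the two details that most often undermine an RLS deployment in practice: the table owner bypassing policies, and an unbound session that is treated as "see everything" instead of "see nothing".

```sql
-- Added example, not Sempleo's schema: per-tenant isolation with Postgres
-- row-level security. Table, column, role and setting names are assumed.

CREATE TABLE knowledge_chunks (
    id           bigserial PRIMARY KEY,
    workspace_id uuid NOT NULL,
    content      text NOT NULL,
    embedding    real[]          -- stand-in for a pgvector column
);

-- The request-serving role must not own the table: table owners bypass RLS
-- unless FORCE ROW LEVEL SECURITY is set, and superusers bypass it regardless.
CREATE ROLE tenant_app NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON knowledge_chunks TO tenant_app;
GRANT USAGE ON SEQUENCE knowledge_chunks_id_seq TO tenant_app;

ALTER TABLE knowledge_chunks ENABLE ROW LEVEL SECURITY;
ALTER TABLE knowledge_chunks FORCE ROW LEVEL SECURITY;

-- One policy gates reads (USING) and writes (WITH CHECK) on the workspace
-- bound to the current transaction. NULLIF guards the unset/empty case:
-- ''::uuid would raise an error, while NULL::uuid = workspace_id is never
-- true, so a session that forgot to bind a tenant sees and writes nothing.
CREATE POLICY workspace_isolation ON knowledge_chunks
    FOR ALL TO tenant_app
    USING (workspace_id = NULLIF(current_setting('app.workspace_id', true), '')::uuid)
    WITH CHECK (workspace_id = NULLIF(current_setting('app.workspace_id', true), '')::uuid);

-- Per request: bind the tenant, drop to the restricted role, run the query.
-- is_local = true scopes the setting to this transaction, so a pooled
-- connection does not carry the workspace into the next request.
BEGIN;
SELECT set_config('app.workspace_id', '00000000-0000-0000-0000-000000000001', true);  -- constructed id
SET LOCAL ROLE tenant_app;

-- Only this workspace's rows come back, whatever the WHERE clause says.
SELECT id, content FROM knowledge_chunks;

-- An INSERT carrying any other workspace_id fails the WITH CHECK clause;
-- this one matches the bound tenant and is accepted.
INSERT INTO knowledge_chunks (workspace_id, content)
VALUES ('00000000-0000-0000-0000-000000000001', 'constructed chunk text');
COMMIT;
```

The same policy shape applies to an embeddings table, which is what "per-tenant vector store" amounts to when embeddings live in the same Postgres: the vector similarity query is filtered by the policy before any ranking happens, so no cross-tenant chunk can appear in a retrieval result.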
02 / ENCRYPT

Encrypted at rest and in transit

TLS in transit. AES-256 at rest. Application-level encryption for the sensitive stores — OAuth tokens, API keys, per-user secrets — so a database snapshot isn’t enough.

  • TLS for every surface
  • AES-256 at rest
  • App-level encryption for secrets
03 / AUDIT

Every run, logged

Agent runs, context edits, knowledge mutations, and MCP calls all write to an immutable audit log. Retention scales with plan — up to 365 days on Enterprise.

  • Immutable audit log
  • Retention: 7d / 30d / 90d / 365d by plan
  • Per-run trace with layer + citation view
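"Immutable" has to mean something concrete at the storage layer. The PostgreSQL script below is an added example, not Sempleo's implementation; table, column and role names (audit_log, audit_writer, the event_type values) are assumptions. It layers privileges and triggers so that the serving role can only append, and even the table owner cannot update, delete or truncate rows without first disabling a trigger, which is itself a visible administrative action.

```sql
-- Added example, not Sempleo's schema: an append-only audit log in Postgres.
-- Table, column and role names are assumed.

CREATE TABLE audit_log (
    id           bigserial PRIMARY KEY,
    occurred_at  timestamptz NOT NULL DEFAULT now(),
    workspace_id uuid NOT NULL,
    actor_id     uuid NOT NULL,
    event_type   text NOT NULL CHECK (event_type IN
                   ('agent_run', 'context_edit', 'knowledge_mutation', 'mcp_call')),
    payload      jsonb NOT NULL DEFAULT '{}'::jsonb
);

-- Layer 1, privileges: the serving role can append and read, nothing else.
CREATE ROLE audit_writer NOLOGIN;
GRANT SELECT, INSERT ON audit_log TO audit_writer;
GRANT USAGE ON SEQUENCE audit_log_id_seq TO audit_writer;

-- Layer 2, triggers: refuse UPDATE, DELETE and TRUNCATE for every role,
-- including the table owner, so history cannot be quietly rewritten.
CREATE FUNCTION audit_log_immutable() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION 'audit_log is append-only; % refused', TG_OP;
END;
$$;

CREATE TRIGGER audit_log_no_rewrite
    BEFORE UPDATE OR DELETE ON audit_log
    FOR EACH ROW EXECUTE FUNCTION audit_log_immutable();

CREATE TRIGGER audit_log_no_truncate
    BEFORE TRUNCATE ON audit_log
    FOR EACH STATEMENT EXECUTE FUNCTION audit_log_immutable();

-- Appending an event: workspace, actor and what happened are all on the row
-- (ids constructed for the example).
INSERT INTO audit_log (workspace_id, actor_id, event_type, payload)
VALUES ('00000000-0000-0000-0000-000000000001',
        '00000000-0000-0000-0000-00000000000a',
        'mcp_call',
        '{"tool": "update_knowledge", "outcome": "pending_review"}');
```

Two practical notes. Plan-based retention (the 7d / 30d / 90d / 365d tiers) is cleanest as range partitioning on occurred_at with expired partitions detached and dropped by a maintenance role, which removes whole months without ever issuing a DELETE that the trigger would refuse. And a Postgres superuser can still drop the trigger or the table, so the log is immutable against application bugs and ordinary roles, not against a fully compromised database host; defending that case means shipping a copy of each row to storage the database host cannot modify.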
04 / CONTROL

Access you can reason about

SSO (SAML / OIDC) on Professional and above. Scoped API keys per workspace. Writes via MCP land as pending review, not silent applies.

  • SSO on Professional+
  • Scoped API keys
  • Reviewer separate from builder
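"Writes land as pending review" and "reviewer separate from builder" are separation-of-duties rules, and they are most trustworthy when the database refuses to violate them rather than the UI merely hiding the button. The PostgreSQL script below is an added example of that enforcement and is not Sempleo's code; the table, column and role names (pending_changes, mcp_writer, change_reviewer) and the change_status values are assumptions.

```sql
-- Added example, not Sempleo's schema: MCP write tools can only propose a
-- change; a different person approves it. Names and statuses are assumed.

CREATE TYPE change_status AS ENUM ('pending', 'approved', 'rejected');

CREATE TABLE pending_changes (
    id            bigserial PRIMARY KEY,
    workspace_id  uuid NOT NULL,
    proposed_by   uuid NOT NULL,       -- user whose session the MCP call ran under
    tool_name     text NOT NULL,
    proposed_diff jsonb NOT NULL,      -- what the write tool wanted to apply
    status        change_status NOT NULL DEFAULT 'pending',
    reviewed_by   uuid,
    reviewed_at   timestamptz,
    -- Separation of duties: a decided row must name a reviewer who is not
    -- the proposer. The database enforces it, not just the UI.
    CONSTRAINT reviewer_separate_from_builder CHECK (
        status = 'pending'
        OR (reviewed_by IS NOT NULL AND reviewed_at IS NOT NULL
            AND reviewed_by <> proposed_by)
    )
);

-- The write tool's only privilege on this table is to propose.
CREATE ROLE mcp_writer NOLOGIN;
GRANT INSERT ON pending_changes TO mcp_writer;
GRANT USAGE ON SEQUENCE pending_changes_id_seq TO mcp_writer;

-- Reviewers may decide pending rows but cannot insert or delete them,
-- and cannot touch the proposed content.
CREATE ROLE change_reviewer NOLOGIN;
GRANT SELECT, UPDATE (status, reviewed_by, reviewed_at)
    ON pending_changes TO change_reviewer;

-- 1. A tool call lands as pending (ids constructed for the example).
INSERT INTO pending_changes (workspace_id, proposed_by, tool_name, proposed_diff)
VALUES ('00000000-0000-0000-0000-000000000001',
        '00000000-0000-0000-0000-00000000000a',
        'update_knowledge',
        '{"chunk_id": 42, "content": "revised text"}');

-- 2. Self-approval: reviewed_by equals proposed_by, so the CHECK constraint
--    rejects this UPDATE and the row stays pending.
UPDATE pending_changes
   SET status = 'approved',
       reviewed_by = '00000000-0000-0000-0000-00000000000a',
       reviewed_at = now()
 WHERE id = 1 AND status = 'pending';

-- 3. A different reviewer approves. Only on this transition does the
--    application apply proposed_diff to the target table and append the
--    corresponding audit entry.
UPDATE pending_changes
   SET status = 'approved',
       reviewed_by = '00000000-0000-0000-0000-00000000000b',
       reviewed_at = now()
 WHERE id = 1 AND status = 'pending';
```

The point of keeping the apply step out of the MCP tool's reach is that a prompt-injected or simply mistaken model call cannot reach the data of record on its own: the worst it can do is fill the review queue, and every attempt is visible there with the proposing user attached.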
Compliance roadmap

What’s shipped. What’s next.

Shipped today

Managed SaaS · EU

Sempleo is hosted in the EU on a single region today. Per-tenant data on the same shared infrastructure, isolated by row-level security.

  • EU data residency
  • Per-tenant isolation
  • DPA available on request
  • No training on customer data
On the roadmap

SOC 2 Type II

Controls designed against the CC-series criteria from day one. Third-party audit planned ahead of general availability; the report will be shared under NDA once it’s real.

  • Third-party audit planned
  • ISO 27001 certification follows
  • Independent pen test before GA
  • DR runbook · tabletop exercised
Not in scope

Gov-cloud · dedicated VPC

No FedRAMP, CMMC, air-gapped, or customer-hosted deployment today. Sempleo is a managed-SaaS product for commercial teams. We say so here so procurement doesn’t have to ask.

  • No FedRAMP / CMMC
  • No customer-VPC deploy
  • No offline open-weights models
  • BYO LLM = Anthropic or OpenAI
Data flow

Your data, at arm’s length.

01 / Customer · Sources

Data of record stays in your systems. Sempleo reads via OAuth; references, doesn’t mirror.

  • Gmail · Calendar · Drive
  • Slack · Jira · Notion · HubSpot
  • Your MCP servers (Pro+)
02 / Sempleo · Processing

Retrieval, agent runs, and review queue all happen in the per-tenant slice of Sempleo’s EU region.

  • Per-tenant data via RLS
  • Per-tenant embeddings
  • Immutable audit log
03 / Inference · LLM provider

Prompts go to the provider of your choice, scoped to the minimum context needed. No training on your data — ever.

  • Sempleo-managed default
  • BYO Anthropic (Enterprise)
  • BYO OpenAI (Enterprise)

No training on your data. No silent exports. Every retrieval and every run is logged with the workspace, the user, and the layers attached. Revoke a source and the reference evaporates — Sempleo isn’t holding a shadow copy.

Controls

Answers to the vendor-risk questionnaire.

Control · How it works · Maps to

SEC-01 · Data residency
How it works: Workspaces are hosted in the EU today. Multi-region (US, UK) is roadmap work; speak to us if it’s a blocker. Documented in the DPA.
Maps to: SOC 2 CC6.1 · ISO 27001 A.5.31

SEC-02 · Encryption
How it works: AES-256 at rest, TLS in transit. Application-level encryption for OAuth tokens, API keys, and per-user secrets so a DB snapshot alone reveals nothing sensitive. Customer-managed keys are on the roadmap, not shipped.
Maps to: SOC 2 CC6.7 · ISO 27001 A.8.24

SEC-03 · Access control
How it works: SSO via SAML 2.0 / OIDC on Professional and Enterprise. Scoped API keys per workspace. Role separation between admins, builders, and reviewers. SCIM provisioning is on the roadmap for Enterprise.
Maps to: SOC 2 CC6.2 · ISO 27001 A.5.15

SEC-04 · Audit & logging
How it works: Immutable append-only log of every agent run, context edit, knowledge mutation, and MCP call. Retention scales with plan: 7 days on Starter, 30 on Professional, 365 on Enterprise. Export is query-based today; SIEM streaming is roadmap.
Maps to: SOC 2 CC7.3 · ISO 27001 A.8.15

SEC-05 · Model inference
How it works: No customer data used to train models — contractual. Sempleo-managed default provider by plan; Enterprise can BYO Anthropic or OpenAI. Anthropic · OpenAI zero-retention clauses available on Enterprise.
Maps to: DPA schedule 2 · MSA § 6.4

SEC-06 · Writes via MCP
How it works: When an LLM calls Sempleo’s MCP server and triggers a write tool, the change lands as pending review. No silent applies; every write crosses an operator. Review queue is the enforcement point.
Maps to: SOC 2 CC7.1 · ISO 27001 A.8.32

SEC-07 · Pen testing
How it works: Independent third-party penetration test planned before general availability. Internal review runs against the public threat surface continuously. Report will be shared under NDA once completed.
Maps to: SOC 2 CC4.1 · ISO 27001 A.8.29

SEC-08 · Subprocessors
How it works: Published subprocessor list. Each subprocessor carries a DPA and is selected for auditable posture. 30-day advance notice of change. List shared on request.
Maps to: DPA clause 11
0 · Customer data used to train models — ever.
EU · Sempleo is hosted in the EU today. Multi-region is roadmap work.
365 d · Audit log retention on Enterprise. 90d on Pro, 30d on Starter.
SOC 2 · On the roadmap. Audit planned ahead of general availability.
I won’t put a SOC 2 badge on this page until we’ve actually earned one. Security is a posture, not a logo strip. What I can commit to today is the architectural choices that make the audits easier later — per-tenant isolation, no training on your data, a full audit trail on every agent run. Compliance is a side-effect of building it right the first time.
Lasse Nørby, Founder · Sempleo

Shape the team-context layer with us.

We're onboarding a small cohort of founding customers to deploy Sempleo on real workflows. A 45-minute call with the founder — you leave with a plan; we leave with the shape of how your team actually works.