Security
A practical trust baseline for evaluating AI review in regulated workflows.
VeracityGXP is not positioned as fully validated GxP software today. It is positioned as a serious SaaS baseline that already includes the controls buyers expect to see during evaluation.
Current security posture
- Workspace-scoped data isolation with authenticated access control.
- Durable review workers with queueing, replay, and backpressure controls.
- Persistent audit trail for destructive and configuration-changing actions.
- Customer-managed provider keys for serious evaluation and production workflows.
Workspace isolation
Application routes and review resources are scoped to authenticated workspace membership. Review, chat, and export access is enforced server-side.
Provider key handling
Customer provider keys are encrypted at rest and resolved server-side. The product also supports Bring Your Own Key to keep serious usage under customer control.
Retention and cleanup
Retention workers remove aged documents and attachments on a schedule instead of keeping sensitive review inputs forever.