TechnologyLashley · Memory engineAisha · Personal AISectorsResearchCompanySecurityContactGet in touch
OMVY/Security & Trust

Security & Trust

Privacy by architecture. Memory you can inspect.

We build for institutions where privacy, isolation, and reliability are requirements, not features. This page states our posture honestly: what holds today, and what is on the roadmap.

Architecture

Isolated by default, never pooled.

Per-project isolation

One boundary per deployment

Each deployment holds its own memory store, scoped and controllable. Knowledge learned for one client is never shared with another by default.

Deployment topology

Cloud, offline-first, or on-prem

Sensitive environments can run offline-first or on-premise paths so data stays where it belongs, the same model that lets Avalanche operate disconnected.

Encryption

In transit and at rest

Data is encrypted in transit and at rest, with key management appropriate to the deployment. Full specifics are shared under NDA during diligence.

Auditability

Legible, not a black box

Memory is structured and inspectable: what the system retained, and why, can be reviewed rather than inferred.

Data & privacy

Persistent memory, reconciled with the right to be forgotten.

“Persistent” does not mean “permanent against your wishes.” Memory is scoped, exportable, and erasable.

Data ownershipThe client owns its data and the derived knowledge graph.
Right to erasureRecords can be deleted on request; retention windows are set per engagement.
Export & exitKnowledge is exportable in open formats, with no lock-in by design.
DPAWe will sign a Data Processing Agreement as processor where required.
EU data residencyEU-resident processing available on request for European engagements.

Stated posture, exact terms confirmed per engagement

Compliance

An honest roadmap, not borrowed badges.

We state where we are. Where a framework is in progress, we say so, and share evidence under diligence.

Information security

SOC 2 / ISO 27001, on the roadmap

We are building toward formal information-security attestation. Current controls and timeline are shared with prospective partners.

Automotive

ISO 21434 · UNECE R155/R156, aligned

Avalanche is developed with automotive cybersecurity and software-update regulation in mind; posture detailed under NDA for OEM evaluation.

Accessibility

WCAG 2.1 AA · EN 301 549, targeted

Voice-first guides are designed to also serve deaf, hard-of-hearing, and non-speaking visitors through captions and text alternatives.

Sub-processors

Disclosed on request

A current list of sub-processors and the model supply chain is provided to customers and during security review.

Responsible disclosure

Found something? Tell us.

We welcome responsible disclosure and respond promptly to security reports. For diligence, request our security overview and questionnaire responses.

[email protected] Request security overview