Built for procurement from day one.
ZeroMan.ai operates on a least-privilege model with auditable decisions, governed agents, and a published responsible-disclosure path. This page is the running source of truth for design partners and enterprise buyers.
Customer data stays scoped.
Each tenant's data is logically isolated. Production data is encrypted in transit (TLS 1.2+) and at rest. The platform never trains shared foundation models on customer-identifying data; agent fine-tuning runs only on tenant-scoped corpora with an explicit opt-in.
EU-region by default, portable by design.
The pilot stack runs on Cloudflare's edge runtime with EU data-residency options. The architecture is portable: every storage and AI dependency is behind an adapter interface so design partners can deploy into their own VPC or sovereign region for production.
SSO-ready with role-scoped RLS.
The production data layer enforces row-level security at the database level — not just in application code. Roles are stored in a dedicated table with a security-definer check function. SSO via OIDC (Okta, Azure AD, Google Workspace) is on the design-partner track.
Governed agents, never silent agents.
Every agent action runs inside a decision loop: scoped objectives, policy thresholds, and an audit trail of inputs, options considered, and recommended next step. Humans can step in at any boundary. Autonomy is granted per loop, never per user.
GDPR-aligned, SOC 2 on the roadmap.
We are GDPR-aligned today and are building toward a SOC 2 Type II report on the production tenant. The roadmap and current control matrix are available to design partners under NDA via the investor data room link below.
Report a vulnerability.
Security researchers and customers can report suspected vulnerabilities to security@zeroman.ai. We acknowledge within 48 hours and treat reports as confidential until a fix is shipped. No legal action will be taken against good-faith research that follows responsible-disclosure norms.