Trovato

Security & trust

World-class security, held to international standards.

Trovato protects the firms with the most to lose. Security is engineered into every layer — hosted on Microsoft Azure and Google Cloud, with bank-grade encryption, governed access and a full audit of every action — and built to international standards including ISO/IEC 27001, SOC 2 and GDPR.*

The posture

Zero training on your data — and control you can prove.

Defense-in-depth across infrastructure, encryption, access, governance and audit — every layer built so you can prove control, not just assert it.

Trusted infrastructure

  • Microsoft Azure & Google Cloud

    Built on hyperscale infrastructure and protected by its physical, network and platform security.

  • Regional data residency

    Hosted in the jurisdiction you choose; data stays in-region.

  • Resilience & recovery

    Redundancy, encrypted backups and monitored availability.

Encryption & data handling

  • Bank-grade encryption

    AES-256 at rest and TLS 1.2+ in transit — encrypted end to end.

  • Zero training on your data

    Your content is never used to train shared or public models.

  • Tenant isolation

    Each firm's data is isolated; no cross-tenant access.

Access control

  • SSO / SAML

    Single sign-on with your identity provider.

  • RBAC

    Role-based access, per-firm roles and permissions.

  • IP allow-listing

    Restrict access to known networks.

Governance

  • Policy & entitlements

    Per-firm policy with source- and model-level entitlements.

  • Approval gates & ethical walls

    Human approval for sensitive actions; matter-level information barriers.

  • Central administration

    One place to manage roles, access, policy and usage.

Audit & retention

  • Audit of every action

    A complete, exportable trail of every query and action.

  • Per-query usage metering

    Token usage tracked per query for review.

  • Retention & deletion

    Configurable retention; deletion on request.

Compliance & standards

  • ISO/IEC 27001 & SOC 2*

    Certification actively underway; controls built to both frameworks.

  • GDPR & POPIA aligned

    Built for the privacy regimes our buyers operate under.

  • Independently assessed

    Third-party review — we publish each mark only once it's held.

Deployment & data residency

Azure or Google Cloud, in the region your rules require.

Choose Microsoft Azure or Google Cloud — by preference, or by where your data must live — and we deploy in the cloud region your jurisdiction requires. Data stays in-region to meet GDPR and other regimes, with POPIA alignment for South Africa-based teams. Deployment and residency are a configuration choice, not a special case.

  • Choice of cloud

    Microsoft Azure or Google Cloud — by preference or by region.

  • Data residency

    Deployed in the region your jurisdiction requires; data stays in-region.

  • Managed & isolated

    Fully managed, multi-tenant, with per-firm isolation.

Sub-processors

Who touches the data.

We maintain a current list of sub-processors and the model providers a firm has entitled.

Trust centre

Documentation on request.

Security documentation, the data-handling overview, and deployment guidance are available to firms in a demo or evaluation. A public trust centre follows.

See Trovato on your own matters.

A short, tailored walkthrough — the citation firewall, the Matter Wiki, and a supervised agent, working on the kind of matter you run.