Architecture
We deploy agents as containerized services inside your cloud account or a dedicated Legacy Labs tenant. Inference traffic is routed through a zero-retention gateway. No data is persisted outside your control boundary unless you explicitly opt in.
Data handling
Every agent operates under a least-privilege service account scoped to the tool it's allowed to call. Sensitive fields are redacted before they touch a third-party model. On HIPAA engagements, PHI is routed exclusively through BAA-covered providers.
Access & identity
SSO via your existing IdP. MFA required for every human operator. Role-based access at the action level, not just the resource level. All non-trivial operations pass through a reviewer gate with a full audit trail.
Logging & monitoring
Every agent action emits a structured event with user, tool, input hash, output hash, and reviewer decision. Logs are streamed to your SIEM or to a Legacy Labs managed store with 365-day retention. Quarterly log reviews are part of every install.
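A SIEM-side check over events of this shape, as an added example that is not Legacy Labs code: it confirms each event carries all five fields and well-formed digests, and verifies a separately retained payload against the logged input hash. The JSON key names, the JSON-lines encoding and the use of SHA-256 are assumptions; the page names the fields only.

```python
import hashlib
import hmac
import json

# Assumed key names and SHA-256 digests; the page names the fields only.
REQUIRED = ("user", "tool", "input_hash", "output_hash", "reviewer_decision")

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_event(user, tool, tool_input: bytes, tool_output: bytes, decision):
    """Build an event that carries digests of the payloads, not the payloads."""
    return {"user": user, "tool": tool,
            "input_hash": sha256_hex(tool_input),
            "output_hash": sha256_hex(tool_output),
            "reviewer_decision": decision}

def audit(lines):
    """Return (line_number, problem) for every event that fails validation."""
    findings = []
    for n, line in enumerate(lines, 1):
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            findings.append((n, "not valid JSON"))
            continue
        if not isinstance(ev, dict):
            findings.append((n, "not a JSON object"))
            continue
        missing = [k for k in REQUIRED if not ev.get(k)]
        if missing:
            findings.append((n, "missing " + ",".join(missing)))
            continue
        for k in ("input_hash", "output_hash"):
            h = ev[k]
            if not (isinstance(h, str) and len(h) == 64
                    and all(c in "0123456789abcdef" for c in h)):
                findings.append((n, k + " is not a SHA-256 hex digest"))
    return findings

def matches_input(event, tool_input: bytes) -> bool:
    """Check a payload retained elsewhere against the logged input hash."""
    return hmac.compare_digest(event["input_hash"], sha256_hex(tool_input))

# Constructed sample stream: one good event, then three defective ones.
SAMPLE = [
    json.dumps(make_event("alice", "crm.lookup", b'{"id": 7}', b"row", "approved")),
    json.dumps({"user": "bob", "tool": "email.send",
                "input_hash": sha256_hex(b"hi"), "output_hash": sha256_hex(b"ok")}),
    json.dumps({"user": "carol", "tool": "crm.lookup", "input_hash": "abc",
                "output_hash": sha256_hex(b"row"), "reviewer_decision": "approved"}),
    "truncated {",
]
```

Running `audit(SAMPLE)` flags the event with no reviewer decision, the malformed digest and the truncated line, which are the gaps a quarterly log review would want surfaced.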
Compliance posture
SOC 2 Type II in continuous monitoring. HIPAA BAA available on request. GDPR and CCPA data-subject workflows documented and tested. ISO 27001 alignment in progress — target completion Q4 2026.
Incident response
24-hour SLA for confirmed incidents. Dan is the primary on-call for security; Juan and the operator lead are the backup. Post-incident review is public inside the engagement Slack channel and filed as a permanent artifact.
