Security & trust
Built on a single identity, audit and configuration plane.
Iris is a multi-tenant SaaS designed for regulated logistics workloads — with per-tenant isolation enforced on every API call, semantic audit on every state-changing action, and the option of a dedicated single-tenant deployment where data residency demands it.
Identity
Microsoft Entra (and OIDC-compatible) sign-in. Per-tenant isolation enforced by ITenantAccessGuard on every API call.
Audit
Semantic audit events (e.g. mailbox.created, workflow.run.approved) recorded for every state-changing admin action; queryable and exportable as NDJSON or CSV.
Data residency
EU or US shared tenants on Inbox/Automate; dedicated EU/US/AU tenants available on Operate. Data does not leave the chosen region.
AI safety
Prompt injection mitigations, per-mailbox AI budgets, premium-model gating, and full token-cost telemetry per run.
Encryption
TLS 1.2+ in transit, AES-256 at rest. Provider keys held in a per-tenant key store; never exposed to model providers when BYOK is enabled.
Compliance roadmap
SOC 2 Type II and ISO 27001 in progress. GDPR DPA available on request. Penetration testing performed annually by an independent assessor.
Trust artefacts
The full Security & Audit overview is available as a board-ready PDF in the Iris sales pack. The DPA, sub-processor list and pen-test summary are available on request under NDA.
Compliance status
- SOC 2 Type II: In progress
- ISO/IEC 27001: In progress
- GDPR DPA: Available on request
- UK GDPR addendum: Available on request
- Data residency: EU · US · AU (Operate)
- Penetration testing: Annual, independent
Going through procurement?
Send us your security questionnaire — we’ll come back with answers, the relevant artefacts and an introduction to our security lead.