Private AI for regulated industries

Intelligence you own.

An AI appliance installed on your premises, answering from your own documents. Your content never leaves your network.

AI you can trust.

Because the appliance runs inside your network, your team can ask about actual client work, by name, with the documents on the table. Nothing has to be anonymized first, and no cloud provider's terms of service stand between you and your own files.

  • 01 GroundedAnswers are pulled from your documents at the moment you ask, with inline citations so anyone can check them.
  • 02 Permission-awareRetrieval respects who may see what, enforced in the database itself, not in a prompt.
  • 03 On the recordEvery question, answer, and tool call lands in an audit chain your compliance officer can read.
OnPrem Intelligence On your hardware
You
Summarize the termination terms across the three Meridian supply agreements. Do any of them conflict with the 2024 master terms?
Stella
All three agreements allow termination for convenience on 60 days' notice, but the 2023 renewal adds an early-termination fee.1 That fee conflicts with §11.2 of the 2024 master terms, which bars termination charges of any kind.2 The remaining two agreements incorporate the master terms by reference.3
1Meridian Supply Renewal (2023), §8.4 2Master Services Terms (2024), §11.2 3Meridian Supply Agreements A and B, §7.1
134 tok/s · 6.8s
You
This is the second renewal that has slipped past us. Can you build a workflow that reviews new agreements against the master terms before anyone signs?
Stella
I can. When a new agreement lands in the contracts library, I would check its termination and fee provisions against the current master terms and write up anything that conflicts, cited to the section. Should the check cover every new agreement, or only the supply contracts? And do you want flags as they are found, or in a weekly digest?
You
Every agreement, and flag them as they come in.
Stella
Saved. The workflow runs under your permissions, and nothing goes live until you approve a dry run. I've queued one against last quarter's agreements.
WorkflowMaster-terms review TriggerNew agreement in the contracts library StatusDry run queued for review

What ships in the box

One appliance, delivered and installed. Everything below runs behind your firewall.

01

Answers with citations

Ask in plain language across everything you've connected. Retrieval finds the passages that matter, permission-checked for the person asking, and every answer cites the documents it drew from, down to the section.

02

Ingestion with OCR

Contracts, filings, decades of scanned paper. Everything is read as it arrives. Scans go through OCR, and every file gets a summary along with its entities and key dates.

03

Conflict awareness

The system reads for names as well as meaning. When a query touches a name that raises a conflict of interest, a warning surfaces before the work goes further.

04

The Workflow Architect

Describe a recurring job in conversation. The Architect builds it as a saved workflow, scheduled or triggered by events, shows you a dry run before anything goes live, and runs it under your own permissions.

05

Your sources, connected

Documents flow in from Microsoft SharePoint and OneDrive today, with more connectors to follow. Files are indexed in place. The originals never move.

06

Memory with oversight

The assistant remembers each user's context, scoped to that user alone. Material tagged sensitive never becomes memory, and nothing becomes shared knowledge without an administrator's review.

07

Enterprise sign-in

Single sign-on through the identity provider you already run (OIDC), or local accounts kept on the appliance. Every user's access is isolated down to the database row.

The boundary is the product.

Other AI vendors make this promise in a policy document. We build it into the hardware. Your content has no path out of your network, and the only thing that ever reaches us is a handful of numbers.

Stays on your hardware
Everything.
  • Document text, indexes, and embeddings
  • Models and every inference they run
  • Conversations and memory
  • Identities and access rules
  • The audit chain itself
Ever reaches us
Numbers.
  • Usage totals and latency figures
  • Error rates and version info
  • License status

The numbers never include content, a document name, or who asked.

And you can prove it. The management plane is pull-only: the appliance calls out for licenses and updates, and nothing outside can call in. The audit chain is hash-linked and tamper-evident. You can anchor it in write-once storage beyond the appliance and export it to your SIEM. Updates arrive signed, on your review terms. Support sessions happen only when you start them, and they land in your audit chain like everything else.

From delivery to first question

01

Installed inside

The appliance ships with as much preconfigured as you want, anywhere from ready to plug in to a bare install your own IT completes on site. A guided first run connects your identity provider and document sources without routing anything through us.

02

The record, indexed

Ingestion runs on your schedule, and source permissions hold from the first file. A document can only ever be found by someone who could already open it.

03

Ask

Your team signs in with the accounts they already use and starts asking questions. Signed updates keep the appliance current, and everything that happens goes into the audit log.

Built where confidentiality is law

At home in any practice that cannot send its files away.

01

Accounting & CPA firms

Client financials stay where the engagement letter says they will.
02

Financial services

Portfolios and strategy work that never touch a third party's cloud.
03

Healthcare organizations

Clinical documentation and PHI never leave the premises.
04

Law firms

A matter file that answers questions, with privilege intact and conflicts checked.

See it inside your walls.

Tell us about your practice. We'll schedule a private demonstration and walk through how deployment would work on your network.