Security & Deployment

Your infrastructure, your rules — data never leaves your perimeter.

CVS is engineered for security teams that will not approve a black box. Multi-tenant RBAC, four deployment models up to full air-gap, and layered isolation give you execution sovereignty — not just a data-residency promise.

Access Control

Multi-tenant RBAC with SSO, from tenant down to every audit event.

Access in CVS follows a strict hierarchy: Tenant → Instance → Workspace/Department → Role → User → Permission → Audit Event. Each tenant is isolated from every other, and instances partition knowledge within a tenant so a department only ever sees what it is entitled to.

Identity is handled through your existing SSO via SAML or OIDC, with RBAC at the core and optional ABAC policies for attribute-based rules. Every query and every piece of evidence access is written to a tamper-evident audit trail — the minimum-necessary standard enforced in software, not in policy documents.

  • Hierarchy: Tenant → Instance → Workspace/Department → Role → User → Permission → Audit Event
  • SSO via SAML or OIDC; RBAC with optional ABAC attribute policies
  • Strict per-tenant and per-instance isolation — no cross-tenant leakage by design
  • Audit trail records every query and every evidence access for compliance and incident review
Deployment

Four deployment models on a control gradient.

CVS spans the full range from fastest start to maximum control: CVS Cloud, Dedicated Cloud, Self-Hosted, and Air-Gap. Cloud gets you live in under 48 hours with managed updates; dedicated cloud gives single-tenant isolation in your AWS, Azure, or GCP region with bring-your-own-key encryption.

Self-Hosted runs entirely inside your perimeter on Docker Compose or Kubernetes, with local LLMs served through Ollama or vLLM. Air-Gap goes further — zero external API calls, no telemetry, no phone-home, with updates delivered on physical media. Every tier supports the same compliance posture: SOC 2, GDPR, and HIPAA-aligned controls.

  • CVS Cloud, Dedicated Cloud, Self-Hosted, and Air-Gap — pick your point on the control gradient
  • Self-hosted on Docker Compose or Kubernetes with local LLMs via Ollama or vLLM
  • Air-gap: zero external calls, no telemetry, updates via secure physical media
  • BYOK encryption, single-tenant dedicated cloud, and SOC 2 / GDPR / HIPAA-aligned controls across every model
Isolation

Layered data isolation, end to end.

CVS isolates data at every layer of the request path: User/SSO authenticates the caller; the API gateway enforces policy; the tenant boundary and instance boundary partition knowledge; encrypted stores hold data at rest; and answer generation runs against a local or explicitly approved LLM backend. Every step lands in the audit log.

In self-hosted and air-gap modes the perimeter is absolute — data, models, indexes, answers, and logs all stay inside your environment, encrypted with AES-256 at rest and TLS 1.3 in transit. This is full execution sovereignty: the architecture behind SOC 2, GDPR, and HIPAA compliance rather than a marketing badge.

  • Request path: User/SSO → API gateway → tenant boundary → instance boundary → encrypted stores → approved LLM → audit log
  • Answer generation against local (Ollama/vLLM) or explicitly approved LLM backends only
  • AES-256 at rest, TLS 1.3 in transit; data, models, indexes, and logs stay in your perimeter
  • Architecture designed to satisfy SOC 2, GDPR, and HIPAA control requirements
Closed perimeter

Your infrastructure. Your rules. Your data never leaves.

Not "data residency" marketing — full execution sovereignty. Data, models, indexes, answers, and audit logs all remain inside your perimeter. Zero external API calls in air-gap mode.

Quick start

CVS Cloud

  • Live in under 48 hours
  • Automatic updates and security patches
  • 99.9% SLA with uptime monitoring
  • Data in your chosen US region (us-east-1, us-west-2, us-gov-west-1)
Balanced control

Dedicated Cloud

  • Single-tenant isolation — no shared resources
  • AWS, Azure, GCP, or Azure Government
  • Bring your own encryption keys (BYOK)
  • VPC peering, SLA up to 99.99%
Full control

Self-Hosted

  • Data never leaves your perimeter
  • Local LLMs via Ollama or vLLM
  • Docker Compose or Kubernetes deployment
  • Full HIPAA and SOC 2 compliance on your terms
Maximum security

Air-Gap

  • Zero external API calls — completely disconnected
  • No telemetry, no phone-home, no license beacons
  • Updates via secure physical media (USB/optical)
  • Meets ITAR, FedRAMP High, and defense-grade requirements
  • SOC 2 Type II
  • HIPAA
  • FedRAMP
  • ITAR
  • AES-256 / TLS 1.3
  • RBAC + SSO
  • Full Audit Trail
  • NIST AI RMF

Bring your InfoSec team to the table.

We will walk through the isolation architecture, deployment options, and audit model — and stand up an air-gapped proof of concept inside your perimeter.