Security & Compliance
Built for the work your CISO has to defend.
Bolt and Aeira are built to the security bar regulated industries demand, which means they work for any enterprise that takes governance seriously, not just the ones a regulator forces to. This page covers our architectural posture, the compliance regimes the platform is deployable for today, and our roadmap. Detailed security briefs, threat models, and pen-test results are shared under NDA.
At a glance
The posture, summarized.
Identity-bound by design
Encrypted & auditable
Patent-pending architecture
Tamper-evident audit you can verify yourself
Streams to your SIEM out of the box
Compliance Posture
What's deployable today, what's on the roadmap.
We use precise language about compliance: an architecture is "deployable" for a regime when it can be configured to satisfy that regime's technical requirements, but a formal certification is a separate process with a third-party auditor. Here's where we are honestly.
Deployment Models
Your data plane stays in your perimeter, always.
Self-Hosted (every Bolt tier, Aeira Dynamic / Enhanced)
Managed AI option (any tier)
Air-Gapped (Aeira Federated)
Available under NDA
Where the technical depth lives.
We deliberately don't publish implementation specifics on the public site. Below is what we share under a mutual NDA during pilot evaluation:
- Architecture brief: component-level diagrams of Bolt's runtime and Aeira's data plane, including the cache hierarchy, the priority engine's scoring model, and the security pipeline's specific layers
- Security posture documentation: threat model, encryption details, key management semantics, audit log format and retention
- Patent claim summaries: what the patent-pending architecture covers and how it maps to the runtime
- Pen-test results: latest external assessment findings and remediation status
- Compliance gap analysis: honest current-vs-target view for SOC 2, ISO 27001, FedRAMP
- Reference customer conversations: design partners willing to take a call about their experience
- Deployment runbook: Helm charts, Docker Compose, Kubernetes manifests, and the operational guides used during go-live
Take the next step.
Schedule a 30-minute call to walk through the architecture, request the security brief under NDA, or arrange a reference conversation with a design partner.