Legal
Security and Data Governance
How we think about it
Anomra is built as a governed intelligence layer, and data governance is part of the engineering design rather than an afterthought. The principles below describe how the platform is designed and operated. They are design principles, not third-party certifications.
Platform design principles
- Default-deny privacy tiers, enforced server-side. Data access starts from no access; every tier of visibility has to be explicitly granted, and the enforcement lives on the server, not in the client.
- Per-tenant data isolation.Each customer's content, configuration, and signals are isolated per tenant.
- AI provider keys stay server-side. Credentials for AI providers are held on our servers only and are never shipped to the browser.
- Usage metering with reject-before-spend cost controls. Usage is metered per tenant, and requests beyond plan limits are rejected before any AI spend is incurred.
- Append-only audit ledger. Served calls are recorded in an append-only audit ledger, so what the platform did is reviewable after the fact.
- Your content is not used to train AI models. Customer content is used to serve your own touchpoints, not as training data.
- Deletion on request. Customer data is deleted on request.
This website
The marketing site itself follows the same posture: strict security headers, no third-party scripts, no analytics, and no tracking. Contact-form delivery is handled server-side with credentials that never reach the client.
Reporting a concern
If you believe you have found a security issue in this site or the platform, please contact team@perditio.com. We appreciate responsible disclosure and will respond as quickly as we can.