Security by design

GreenLightz is built around six architectural guarantees that cannot be toggled off. Security is not a feature — it is the foundation.

Six guarantees. Always enforced.

Every evaluation, every tenant, every time. These properties are verified by automated tests on every deployment.

Fail-Closed

Any error, timeout, or ambiguity results in BLOCK. The system never silently allows an action it cannot verify.

Escalate-Only

Verdicts only move toward stricter enforcement during evaluation. A green verdict can become amber or red, never the reverse.

Deterministic

Identical inputs produce identical verdicts across every run. No sampling, no randomness, no stochastic decision paths.

Offline-First

The core evaluation engine has zero external runtime dependencies. It operates without network calls, LLM APIs, or third-party services.

Privacy-First

Every identifier is HMAC-hashed with per-tenant keys before storage. Zero PII in logs, evidence, or API responses.

Tamper-Evident

Every verdict produces a cryptographically signed evidence packet. The integrity chain is append-only and mutations are detectable.

What we store — and what we don't

GreenLightz follows a data minimization principle. We process only what is needed for policy evaluation and store only hashed, non-reversible records.

Data Type	Stored?	Detail
Verdicts and reasons	Yes	Evaluation outcomes with deterministic audit trail
Action amounts and types	Yes	Financial values and commitment categories
Hashed identifiers	Yes	SHA-256 HMAC with per-tenant keys — non-reversible
Timestamps	Yes	ISO 8601, timezone-aware
Policy configurations	Yes	YAML policy packs, version-controlled
Names, emails, phone numbers	No	Rejected at API ingestion — never reaches the engine
Payment details or card numbers	No	11 PII metadata keys blocked before evaluation
Conversation transcripts	No	Not required for governance evaluation
Customer IP addresses	No	Not logged, not stored, not used

Infrastructure and access control

HTTPS / TLS Required

All API communication is encrypted in transit. HSTS enforced with 1-year max-age.

Per-Tenant Isolation

Each tenant has its own signing keys, policy pack, rate limits, and webhook credentials. No cross-tenant data access.

API Key Authentication

API keys are hashed before storage. Per-key rate limiting enforced. Credentials never appear in logs.

Managed Cloud Hosting

Hosted on enterprise-grade cloud infrastructure with automated deployments. All 8,300+ governance tests run before every deploy.

Compliance posture

GDPR data minimization	Implemented
Internal security hardening	Complete
SOC 2 Type II	In planning
ISO 27001	In planning

Detailed security architecture is available for review under NDA during pilot evaluation.

Questions about our security posture?

We're happy to walk through our architecture in detail during a technical review.

Book a Demo