Security by design
GreenLightz is built around six architectural guarantees that cannot be toggled off. Security is not a feature — it is the foundation.
Six guarantees. Always enforced.
Every evaluation, every tenant, every time. These properties are verified by automated tests on every deployment.
Fail-Closed
Any error, timeout, or ambiguity results in BLOCK. The system never silently allows an action it cannot verify.
Escalate-Only
Verdicts only move toward stricter enforcement during evaluation. A green verdict can become amber or red, never the reverse.
Deterministic
Identical inputs produce identical verdicts across every run. No sampling, no randomness, no stochastic decision paths.
Offline-First
The core evaluation engine has zero external runtime dependencies. It operates without network calls, LLM APIs, or third-party services.
Privacy-First
Every identifier is HMAC-hashed with per-tenant keys before storage. Zero PII in logs, evidence, or API responses.
Tamper-Evident
Every verdict produces a cryptographically signed evidence packet. The integrity chain is append-only and mutations are detectable.
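The Fail-Closed, Escalate-Only and Deterministic guarantees above, sketched as an added example (not GreenLightz code). It assumes RED is the BLOCK outcome; the rule names and thresholds are hypothetical.

```python
from enum import IntEnum

class Verdict(IntEnum):
    GREEN = 0
    AMBER = 1
    RED = 2  # assumption: RED is the BLOCK outcome

def escalate(current, proposed):
    # Escalate-only: the stricter of the two verdicts always wins.
    return max(current, proposed)

def evaluate(action, rules):
    """Run rules in fixed order (deterministic); return (verdict, reasons)."""
    verdict, reasons = Verdict.GREEN, []
    for rule in rules:
        try:
            proposed = rule(action)
            if not isinstance(proposed, Verdict):
                raise TypeError("rule returned no usable verdict")
        except Exception as exc:
            # Fail-closed: an error or ambiguous result blocks the action.
            reasons.append(f"{rule.__name__}: {type(exc).__name__}, blocked")
            return Verdict.RED, reasons
        if proposed > verdict:
            reasons.append(f"{rule.__name__}: escalated to {proposed.name}")
        verdict = escalate(verdict, proposed)
    return verdict, reasons

# Constructed sample rules (hypothetical, for illustration only).
def amount_limit(action):
    amount = action["amount"]  # KeyError if missing -> fail-closed
    if amount > 10_000:
        return Verdict.RED
    return Verdict.AMBER if amount > 1_000 else Verdict.GREEN

def known_type(action):
    # Returns None for unknown types: ambiguous, so the engine blocks.
    return Verdict.GREEN if action.get("type") in {"refund", "credit"} else None

RULES = [amount_limit, known_type]

if __name__ == "__main__":
    for sample in ({"amount": 500, "type": "refund"},
                   {"amount": 5_000, "type": "refund"},
                   {"type": "refund"},
                   {"amount": 500, "type": "gift"}):
        print(sample, evaluate(sample, RULES))
```

A later GREEN from `known_type` cannot lower the AMBER already set by `amount_limit`, and a missing field or an unusable rule result ends in RED rather than in a default allow.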
What we store — and what we don't
GreenLightz follows a data minimization principle. We process only what is needed for policy evaluation and store only hashed, non-reversible records.
| Data Type | Stored? | Detail |
|---|---|---|
| Verdicts and reasons | Yes | Evaluation outcomes with deterministic audit trail |
| Action amounts and types | Yes | Financial values and commitment categories |
| Hashed identifiers | Yes | SHA-256 HMAC with per-tenant keys — non-reversible |
| Timestamps | Yes | ISO 8601, timezone-aware |
| Policy configurations | Yes | YAML policy packs, version-controlled |
| Names, emails, phone numbers | No | Rejected at API ingestion — never reaches the engine |
| Payment details or card numbers | No | 11 PII metadata keys blocked before evaluation |
| Conversation transcripts | No | Not required for governance evaluation |
| Customer IP addresses | No | Not logged, not stored, not used |
Infrastructure and access control
HTTPS / TLS Required
All API communication is encrypted in transit. HSTS enforced with 1-year max-age.
Per-Tenant Isolation
Each tenant has its own signing keys, policy pack, rate limits, and webhook credentials. No cross-tenant data access.
API Key Authentication
API keys are hashed before storage. Per-key rate limiting enforced. Credentials never appear in logs.
Managed Cloud Hosting
Hosted on enterprise-grade cloud infrastructure with automated deployments. All 7,900+ governance tests run before every deploy.
Compliance posture
| Area | Status |
|---|---|
| GDPR data minimization | Implemented |
| Internal security hardening | Complete |
| SOC 2 Type II | In planning |
| ISO 27001 | In planning |
Detailed security architecture is available for review under NDA during pilot evaluation.
Questions about our security posture?
We're happy to walk through our architecture in detail during a technical review.