Written for the person who has to say yes
This page is for IT leads, security officers and DPOs. It describes how Naxis Assistant is built, where data flows, and which guarantees are structural rather than promised. If a question isn’t answered here, ask us directly — you’ll get an engineer, not a sales deck.
Architecture: deliberately small
Each client runs a dedicated, single-tenant deployment: one service, one background worker, one PostgreSQL database. There is no shared infrastructure between clients, no multi-tenant data partitioning to trust, and no cross-tenant attack surface — a new client is a new deployment.
Everything stateful lives in that one database: document chunks and their access-control metadata, conversations, the audit log, background jobs and evaluation results. That gives you one backup scope, one encryption scope, and one data map — the database schema itself. When your DPO asks “where exactly is our data?”, the answer is one sentence.
Access control below the AI
Every document carries a list of groups permitted to read it. When someone asks a question, retrieval filters on those permissions inside the database query — restricted documents are excluded before the language model is ever invoked.
- The model cannot leak what it never receives. No prompt injection, jailbreak or phrasing trick can cross a group boundary, because the boundary is enforced in SQL, not in instructions to the model.
- All surfaces — web chat, API, CLI — sit above the same core. Access control, audit and refusal behaviour live below the surface layer and cannot be bypassed by any of them.
- Permission changes take effect immediately and are tracked separately from content, so changing who may read a document never requires re-processing it.
Groundedness: cite or refuse
Naxis answers only from retrieved passages, and every answer carries citations to them. When no permitted document supports an answer, it refuses. This is a structural rule — not a confidence threshold that can drift or need calibration. The refusal behaviour is itself measured: built-in evaluation includes questions the assistant should decline, and reports how often it correctly does.
Data flow and models
Document embeddings are always computed inside your deployment — in every edition, your documents are never sent to a third party to be indexed. The editions differ only in where answer generation runs:
| Edition | Embeddings | Answer generation | Sub-processors |
|---|---|---|---|
| Hosted | Local to the deployment | Anthropic API under zero-data-retention terms — prompts and outputs are not stored and not used for training | Anthropic (disclosed on the generated manifest) |
| Residency | Local to the deployment | Open-weights model served inside your infrastructure | None |
Source credentials (service-account keys, API tokens) are write-only once saved: they can be replaced, but never read back through the interface or API. Every connector is designed to work with read-only, minimally-scoped credentials.
Tamper-evident audit log
Every authentication, question, retrieval and administrative action is appended to an audit log in which each entry includes a hash of the entry before it. Altering or deleting any record breaks the chain, and a built-in verification recomputes the entire chain on demand — from the admin interface or the command line.
The log is pseudonymous by design: it records opaque actor identifiers and chunk references, not names or document contents, so the audit trail itself stays lean under data-protection review.
GDPR, in the product
Compliance tooling ships inside Naxis rather than in documentation:
- Records of processing (Art. 30). A processing manifest — data categories, retention, models, sub-processors, technical measures — is generated from the live deployment configuration. It cannot drift from reality, because it is never hand-written.
- Subject access (Art. 15). Export everything held about a person with one command or click. Users can also export their own data themselves, without asking anyone.
- Erasure (Art. 17). Erase a person’s conversations, or a document’s data, with built-in auditable tooling. Deleting a user account can include full erasure of their history.
- Retention. A nightly job enforces the retention schedule automatically:
| Data | Default retention | Erasure path |
|---|---|---|
| Document corpus | Mirrors the source — removed there, removed here on the next sync | Per-document erasure or source deletion |
| Conversations | 90 days (configurable) | Nightly retention job, per-person erasure, or user self-deletion |
| Audit log | 730 days (configurable) | Nightly retention job |
Conversations are stored keyed to opaque subject identifiers, never names. The knowledge-base contents are yours: what personal data they contain is under your control, and the corpus simply mirrors your sources.
EU AI Act
Naxis Assistant is built to the transparency obligations of Article 50: every surface discloses that answers are AI-generated, every answer is stamped with the model that produced it, and every answer carries source citations. High-risk uses under Annex III are contractually excluded — Naxis is a knowledge-access tool, and its terms keep it one.
Security questions and reviews
We’re glad to complete security questionnaires, walk your team through the architecture, and provide the generated compliance manifest for a trial deployment so you can review the real configuration rather than a sample. For any of these — or to report a security concern — contact us or write to hello@naxis.tech.
Bring us your hardest question
Security reviews make Naxis look good — that’s what it was designed for. Put us in front of your IT lead or DPO.