Security

Probatum is built with security as a first principle. We are SOC 2 Type II compliant and our architecture ensures your data never leaves your environment.

Local Processing

Unlike cloud-only RAG solutions, Probatum runs entirely on your infrastructure. The Bun runtime processes your documents locally, creating embeddings and retrieving context without sending document content to our servers.

What Stays Local

✓ On Your Machine

  • Source documents
  • Document embeddings
  • PostgreSQL + pgvector
  • Optional local LLM (Ollama)

↗ Cloud Control Plane

  • Query text
  • Generated answers
  • Audit logs & Trace IDs
  • License management

Encryption

  • In Transit: All API communications use TLS 1.3.
  • At Rest: Cloud data is encrypted with AES-256.
  • Local: Your documents remain protected under your own encryption policies and OS security.

Access Control

  • License-based authentication with per-machine activation.
  • Secure JWT tokens for session management.
  • Role-based access (Team Member vs External Auditor) in Professional/Enterprise plans.
  • Admin dashboard for license and seat management.

Audit Trail

Every query is logged with immutable trace IDs, timestamps, and framework mappings. Efficiency doesn't mean opacity; we provide full audit logs that you can export for your compliance records.

Compliance Frameworks

Probatum supports SOC 2, ISO 27001, HIPAA, and custom frameworks. Our architecture is designed to assist you in achieving and maintaining compliance while minimizing data exposure risks.

Last updated: January 2026