TRUSTSECURITY CENTER
CUSTODYYOUR DATA · YOUR IRON
KNOX-SIGNEDHASH-LINKED CHAIN
ALL ACTIONSAUDITABLE

TRUST

Security is not a feature — it is the architecture. Every request authenticated, every action logged, every byte in your custody. No exceptions.

SCROLL
Trust Center

Security Is Not a Feature.
It's the Foundation.

Complete transparency into how CASTLE protects your data, your models, and your infrastructure.

Security Architecture

Request Flow Through CASTLE

Every request passes through authenticated, authorized, and audited layers before reaching inference. No exceptions.

User
Request
Shield
Authentication
Tower
Permissions
Echo
Inference
Atlas
Logged

Every request authenticated. Every action logged. Every byte in your custody.

Shield validates identity via API key or SSO. Tower enforces role-based access. Echo processes inference on-premises. Atlas records an immutable audit trail.

Compliance

Standards and Certifications

Our compliance posture is designed for Canadian government and regulated enterprise requirements.

Standard Status Summary
PIPEDA Compliant Personal information stays on Canadian infrastructure
All personal information collected, processed, and stored by CASTLE remains on Canadian-owned hardware within Canadian jurisdictions. We implement all 10 PIPEDA fair information principles including accountability, identifying purposes, consent, limiting collection, limiting use/disclosure/retention, accuracy, safeguards, openness, individual access, and challenging compliance. Data processing agreements are available upon request.
ITSG-33 Aligned 11 baseline security controls documented
CASTLE architecture aligns with ITSG-33 security controls across access control (AC), audit and accountability (AU), identification and authentication (IA), system and communications protection (SC), and system and information integrity (SI). Our security control profile documents 11 baseline controls with implementation evidence. Full ITSG-33 control mapping available under NDA.
FIPS 140-2 In Progress Level 1 software certification underway
We are pursuing FIPS 140-2 Level 1 validation for our cryptographic module used in API key generation, data-at-rest encryption, and audit log integrity verification. Timeline: 4-6 months. All current cryptographic operations use FIPS-approved algorithms (AES-256, SHA-256, PBKDF2) via validated OpenSSL implementations.
Protected B Assessment Planned PBMM readiness documented
CASTLE is being assessed against Protected B, Medium Integrity, Medium Availability (PBMM) requirements. Our on-premises deployment model inherently satisfies many PBMM controls related to data residency and physical security. Gap analysis complete; remediation items tracked and on schedule. Contact us for the current readiness assessment.
SOC 2 Type II Planned Audit engagement scheduled Q3 2026
SOC 2 Type II audit covering Security, Availability, and Confidentiality trust service criteria is scheduled with an accredited firm for Q3 2026. Type I readiness assessment has been completed. Our internal controls framework already maps to SOC 2 criteria across logical access, change management, and incident response.
Canadian Data Residency Compliant All data on Canadian-owned hardware
CASTLE is deployed entirely on hardware owned and operated by AXE Technologies Inc., a Canadian-incorporated company. No data is transmitted to, processed by, or stored on infrastructure outside of Canada or owned by foreign entities. This includes inference compute, model weights, training data, and audit logs. Our cloud infrastructure runs on Canadian-based servers with no dependencies on US-headquartered cloud providers.
Data Custody

Your Data Never Leaves Your Premises

No Cloud

Zero external API calls. Inference runs on your hardware. Models execute locally with no network dependency for core operations.

No Export

Data is never transmitted to AXE or any third party. Your prompts, responses, training data, and model weights remain exclusively yours.

No CLOUD Act

Canadian-owned company. Canadian infrastructure. No foreign intelligence access. Not subject to US CLOUD Act, FISA, or Patriot Act compulsion.

Encryption

Defense in Depth at Every Layer

All data is encrypted at rest, in transit, and during key management operations using industry-standard cryptographic primitives.

Encryption at Rest

All data stored in Atlas tables is encrypted using AES-256 via pgcrypto. Database-level encryption ensures data remains protected even if physical media is compromised.

AES-256-CBC via pgcrypto

Encryption in Transit

TLS 1.3 enforced on all public-facing endpoints. Inter-node communication within fleet deployments uses WireGuard tunnels with 256-bit keys.

TLS 1.3 + WireGuard

Key Management

API keys derived via PBKDF2-SHA256 with high iteration counts. Hardware RNG used where available for entropy. Key rotation supported without service interruption.

PBKDF2-SHA256 + HWRNG
Penetration Testing

Built by Security Professionals. Tested Continuously.

Our team includes active security researchers. CASTLE is tested against the same standards we use to audit client infrastructure.

Continuous Fleet Scanning

Automated weekly security scans run across all CASTLE nodes. Vulnerability detection covers network exposure, service configuration, and dependency analysis.

Client-Verifiable Audits

The castle-harden.sh audit script is available for clients to independently verify the security posture of their deployment. No black boxes.

OWASP Top 10 Coverage

All CASTLE API endpoints are tested against the current OWASP Top 10. Injection, broken authentication, security misconfiguration, and all other categories covered.

Model Security Testing

Prompt injection, data exfiltration, and adversarial input testing performed on all deployed models. Red team exercises run quarterly.

Request Latest Penetration Test Report
Audit Trail

Every Action. Every Access. Every Query.

Tamper-evident logging with cryptographic integrity verification. DELETE operations are blocked at the database level.

atlas / audit_log 
CREATE TABLE audit_log (
  id            BIGSERIAL PRIMARY KEY,
  event_type    VARCHAR(64)    NOT NULL,    -- auth, query, admin, error
  user_id       UUID           NOT NULL,
  ip_address    INET           NOT NULL,
  endpoint      VARCHAR(256),
  details       JSONB,                        -- request metadata, model, tokens
  checksum      CHAR(64)       NOT NULL,    -- SHA-256 of previous row + current
  created_at    TIMESTAMPTZ    DEFAULT NOW()
);

-- DELETE operations blocked via trigger
CREATE RULE no_delete AS ON DELETE TO audit_log DO INSTEAD NOTHING;

-- Integrity verification
SELECT verify_audit_chain('2026-01-01', '2026-04-07');
-- Returns: OK | row_id of first broken link

SHA-256 hash chain links every row to its predecessor. Tampering breaks the chain and is immediately detectable.

DELETE operations are blocked at the database level via PostgreSQL rules. Audit records are append-only and permanent.

Every API call, authentication event, model query, and administrative action is logged with full request context and IP attribution.

Incident Response

Rapid Detection. Transparent Communication.

Our incident response plan is tested and documented. We commit to aggressive timelines and transparent disclosure.

1
< 1 hour

Detection

Automated monitoring detects anomalies. Sentinel health checks run continuously across all fleet nodes.

2
< 4 hours

Containment

Affected systems isolated. Threat vector identified and blocked. Forensic preservation initiated.

3
< 24 hours

Notification

Affected clients notified with incident details, scope assessment, and remediation steps.

4
48 hours

Resolution

Root cause analysis published. Preventive controls deployed. Post-incident review shared with stakeholders.

security@axe.observer

For security concerns or responsible disclosure, contact our security team directly. We acknowledge all reports within 24 hours and follow coordinated disclosure practices.

Get Started

Request Security Assessment

Download our security whitepaper or schedule a technical review with our security team.

Request Assessment Download Overview

/ Contact · we read every inquiry

Talk to AXE.

Demos, partnerships, government RFPs, technical questions. A person reads every form. You hear from someone — not a queue.

Inquiry type

Replies within one business day · Knox audit chain records every inquiry