Golden Retriever is built for organizations that take data security, access control, and model governance seriously. This page outlines how the platform handles your data, who can access what, and where the system runs.
Access control in Golden Retriever is enforced at the retrieval layer, not the interface layer. This means permissions are checked every time data is retrieved — not just when a user logs in or opens a page.
Permissions are inherited from your existing systems: Active Directory, Confluence spaces, database roles, and file share ACLs. If a user does not have access to a document in SharePoint, they will not see it in Golden Retriever. There is no separate permission system to manage, no additional roles to configure, and no access lists to maintain.
The result is a system that respects your existing security posture without adding administrative overhead.
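The following added example, which is not Golden Retriever's code, illustrates a permission check made at the retrieval layer on every request, so that a change in the source system's ACL takes effect on the next query. The ACL map, user groups, index contents and function names are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed stand-in for ACLs held by a source system (assumption: in a
# real deployment these are read from the source system, not kept here).
SOURCE_ACL = {
    "doc-hr-001": {"hr-staff"},
    "doc-eng-007": {"engineering", "hr-staff"},
}

# Constructed directory group memberships.
USER_GROUPS = {"alice": {"engineering"}, "bob": {"hr-staff"}}


@dataclass(frozen=True)
class Chunk:
    doc_id: str
    text: str
    score: float  # similarity to the query, precomputed for this example


# Constructed index contents; the last chunk has no ACL record at all.
INDEX = [
    Chunk("doc-hr-001", "Salary bands", 0.91),
    Chunk("doc-eng-007", "Deployment runbook", 0.88),
    Chunk("doc-unknown", "Orphaned chunk", 0.80),
]


def can_read(user, doc_id):
    """Fail closed: unknown users and documents without an ACL are denied."""
    allowed = SOURCE_ACL.get(doc_id)
    if not allowed:
        return False
    return bool(USER_GROUPS.get(user, set()) & allowed)


def retrieve(user, k=5):
    """Filter by permission on every call, before ranking or returning."""
    permitted = [c for c in INDEX if can_read(user, c.doc_id)]
    return sorted(permitted, key=lambda c: c.score, reverse=True)[:k]


def revoke(doc_id, group):
    """Simulates an administrator removing a group in the source system."""
    SOURCE_ACL[doc_id].discard(group)
```
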
Your data is never used to train AI models. This is not a policy decision — it is a hard architectural boundary. There is no mechanism in the system to feed your data back into model training, and there never will be.
Data is not stored beyond what is necessary for indexing and retrieval. Documents are processed, chunked, and embedded for semantic search. The original content remains in your source systems — Golden Retriever holds only the index.
Query results from databases are generated in real time and are not persisted. When a user asks a question that requires a database query, the system executes the query, returns the result, and discards the data. Nothing is cached or stored.
Complete data sovereignty. All processing happens within your data centers using locally hosted language models. No data leaves your network, and no external APIs are called. Suitable for air-gapped and classified environments.
Data does not leave the Azure cloud boundary. Models are hosted within US regions, and all processing stays within your cloud environment. You maintain full control over the tenant and the data lifecycle.
A dedicated, isolated cloud environment provisioned exclusively for your organization. Combines the scalability of cloud infrastructure with the isolation characteristics of an on-premises deployment.
Every deployment option delivers the full platform — same capabilities, same integrations, same security posture. The only difference is where the infrastructure runs.
Deploy entirely within your own data centers. Supports locally hosted LLMs for complete data sovereignty. No external network dependencies. Suitable for air-gapped environments and highly regulated industries.
A dedicated, isolated cloud environment provisioned exclusively for your organization. Cloud scalability with on-premises-level isolation. No shared tenancy, no shared resources.
We host the platform on our private Azure cloud with US-hosted models. Fastest path to deployment with no infrastructure overhead. Fully managed, continuously updated.
We are happy to walk through our security architecture in detail — including data handling, access control enforcement, model residency, and deployment topology for your specific environment.