Detecting Without Exposing - StrongestLayer Privacy Architecture
Privacy Architecture

Detecting Without Exposing.

A CISO's architectural walk-through of how StrongestLayer analyzes email using AI-powered reasoning without training on your data, retaining your content, or exposing your users. No persuasion, no claims. Just the map of what we hold, what we do not, and why.

Core Guarantees

Zero training. Zero retention. Zero exposure.

Three structural commitments that become architectural impossibilities, not policy promises.

Guarantee 01

0 Customer Emails in Training

No customer email content trains or fine-tunes foundation models, ever. The models you rely on were never touched by your data.

Guarantee 02

0s Retention on Clean Verdict

Non-malicious content is discarded immediately. No logs, no backups, no snapshots. Content that does not persist cannot be breached.

Guarantee 03

90d Post-Termination Purge

Customer data purged within 90 days with written certification. Clean exit, no remnants, no questions asked.

How It Works

How an email moves through the system, and exits.

Five steps, one branching decision.

Step 01: Arrival

Happens
Email arrives via TLS 1.3 and is held in encrypted temporary storage within AWS US infrastructure, isolated per tenant, for the duration of analysis.
Does not happen
No copies are made for later analysis. Email bodies are not logged. Content is excluded from backups, snapshots, and disaster recovery processes by design.

Architecture

Five principles, structurally enforced.

Each principle is a specific architectural decision enforced by the system's design, not dependent on operational discipline or policy compliance alone.

Principle 01

Zero-Retention Processing

Non-malicious email content is held only during analysis and discarded immediately upon clean verdict.
Why a CISO cares
The shortest possible retention window is the smallest possible exposure surface. Content that does not persist cannot be breached, subpoenaed, or leaked.
Controls that enforce it
  • No write paths for non-malicious content into persistent storage
  • Email content excluded from backups, snapshots, disaster recovery
  • No logging of email bodies at any analysis stage
  • Memory not snapshotted for diagnostic purposes
  • Automated audits validate no leakage into logs or artifacts

Principle 02

Evidence-Based Reasoning

The reasoning engine operates on structured findings, not raw content. The most powerful model sees the least raw data.
Why a CISO cares
AI reasoning models are the most capable and the most sensitive. Keeping raw content out of their context window eliminates the largest class of AI privacy incidents by architecture, not policy.
Controls that enforce it
  • Specialized analytical tools process raw content in isolated environments
  • Tools return structured findings (scores, flags, indicators), not content
  • The reasoning engine receives only structured findings
  • No shared data store or shared compute between evidence tools and reasoning

Principle 03

Model Isolation

No customer email content is used to train, fine-tune, or adapt foundation models. Reasoning uses in-context learning with fixed model weights.
Why a CISO cares
Training data can be reconstructed from a model's outputs. A model never trained on your data cannot leak your data. Zero training is zero reconstruction risk.
Controls that enforce it
  • In-context learning only, no gradient updates in production
  • Model weights fixed and versioned, no production fine-tuning
  • Supporting ML components train only on structured artifacts, never on email bodies or PII
  • Training environment physically isolated from production inference pipeline

Principle 04

Intelligence Without Attribution

Cross-customer threat intelligence is derived through a multi-control de-identification pipeline designed to resist re-identification.
Why a CISO cares
Collective threat intelligence is only valuable if it cannot be traced back to any single customer. A leaky IOC pipeline turns your vendor into your breach.
Controls that enforce it
  • Only de-identified security indicators enter cross-customer intelligence
  • Timestamps rounded to 24-hour windows
  • Behavioral indicators aggregated across a minimum of three independent sources before release
  • Indicators unique to fewer than ten organizations suppressed or generalized
  • Customer domains, internal identifiers, employee names stripped automatically
  • Annual re-identification adversary testing validates the pipeline
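
A release gate built from the thresholds listed above, as an added example that is not StrongestLayer's code. The record fields (`org`, `source`, `indicator`, `seen`), the `<tenant>` placeholder, and the reading of "24-hour window" as the UTC calendar day are assumptions; the sample data is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

MIN_SOURCES = 3   # page: at least three independent sources before release
MIN_ORGS = 10     # page: indicators at fewer than ten organizations are suppressed

def day_window(ts):
    # Assumption: "rounded to 24-hour windows" is modelled as the UTC calendar day.
    return ts.astimezone(timezone.utc).date().isoformat()

def scrub(value, tenant_terms):
    # Replace tenant-identifying strings (domains, internal ids) before aggregation,
    # so per-tenant variants of one lure collapse into a single indicator.
    for term in tenant_terms:
        value = re.sub(re.escape(term), "<tenant>", value, flags=re.IGNORECASE)
    return value

def release(observations, tenant_terms):
    orgs, sources, windows = defaultdict(set), defaultdict(set), defaultdict(set)
    for ob in observations:
        key = scrub(ob["indicator"], tenant_terms.get(ob["org"], ()))
        orgs[key].add(ob["org"])
        sources[key].add(ob["source"])
        windows[key].add(day_window(ob["seen"]))
    out = []
    for key in sorted(orgs):
        if len(orgs[key]) >= MIN_ORGS and len(sources[key]) >= MIN_SOURCES:
            # Released record carries no org ids, source ids, counts, or exact times.
            out.append({"indicator": key, "windows": sorted(windows[key])})
    return out

def sample():
    # Constructed data: 12 tenants, each with a made-up domain.
    terms = {f"org{i}": [f"corp{i}.example"] for i in range(12)}
    seen = datetime(2026, 2, 3, 14, 37, 9, tzinfo=timezone.utc)
    obs = []
    for i in range(12):   # lure URL tailored per tenant, reported by 3 sources
        obs.append({"org": f"org{i}", "source": f"tool{i % 3}", "seen": seen,
                    "indicator": f"http://login-check.example/v?d=Corp{i}.example"})
    for i in range(4):    # only 4 orgs: below MIN_ORGS
        obs.append({"org": f"org{i}", "source": f"tool{i % 3}", "seen": seen,
                    "indicator": "http://rare.example/a"})
    for i in range(10):   # 10 orgs but only 2 sources: below MIN_SOURCES
        obs.append({"org": f"org{i}", "source": f"tool{i % 2}", "seen": seen,
                    "indicator": "http://thin.example/b"})
    return obs, terms

if __name__ == "__main__":
    print(release(*sample()))
```

Scrubbing runs before counting: without it, each tenant's tailored URL would look unique and the indicator would never reach the ten-organization threshold.
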
Principle 05

Infrastructure-Enforced Privacy

Data protection is enforced by cloud infrastructure architecture itself, not solely by operational policy. Model providers have zero runtime access to customer data.
Why a CISO cares
Policy controls can be bypassed by people, processes, or mistakes. Infrastructure controls cannot. The strongest privacy guarantees are the ones that make the wrong behavior impossible, not just forbidden.
Controls that enforce it
  • AI inference runs through AWS Bedrock in AWS-owned Model Deployment Accounts
  • Model providers deliver weights only, no access to customer prompts or completions at runtime
  • Sole sub-processor is AWS. All data stays in US regions
  • Runtime data cannot traverse to model provider infrastructure
  • 90-day post-termination purge with written certification

Data Flow

What the reasoning engine sees, and what it does not.

The AI reasoning layer receives structured findings from the evidence layer. Raw content, raw identifiers, and raw user-attributable data never enter its context window. Evidence-based reasoning is an architectural choice, not a runtime guardrail.

What the reasoning engine sees

Structured findings. Scores. Flags.

  • URL verdict: safe, suspicious, or malicious. Derived by a dedicated URL analysis tool that walked the redirect chain in isolation.
  • Domain reputation score. From infrastructure intelligence, not from content.
  • Document type and structural hints, e.g., "Excel file, has macros, 50 rows of structured data".
  • PII pattern indicators (present or absent). Flag only, never the actual SSN, card number, or name.
  • Behavioral anomaly score. Relative to tenant baseline, numeric only.
  • Sender infrastructure fingerprint class. Pattern category, not the raw headers.
  • Attachment hash class (known good, unknown, known bad)
  • Link redirect depth and terminal-page properties
  • Language classification and tone indicators

What it never sees

Raw content. Raw identifiers. Raw bytes.

  • Raw email body text. Not even a summary of it.
  • Attachment bytes or document contents. Structural hints only, never the data inside.
  • Actual PII strings. SSNs, card numbers, personal names are flags, not values.
  • Customer internal domain names
  • Employee names or email addresses
  • Raw HTTP responses from followed URLs. The URL tool returns a verdict, not the page HTML.
  • Image contents beyond OCR-extracted structural features
  • Internal customer identifiers
  • Message metadata tying content to specific senders or recipients
The most powerful model sees the least raw data.
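
One way to enforce the boundary described in this section, as an added example that is not StrongestLayer's code: an allowlist check between the evidence tools and the reasoning engine that admits only enumerated or numeric findings. The field names, the schema, and the sample message are assumptions constructed for illustration.

```python
import re

# Assumed field names; the allowed values mirror the page's list of findings.
SCHEMA = {
    "url_verdict": {"safe", "suspicious", "malicious"},
    "attachment_hash_class": {"known_good", "unknown", "known_bad"},
    "pii_present": bool,
    "redirect_depth": int,
    "domain_reputation": float,
    "anomaly_score": float,
}

def validate_findings(findings):
    """Boundary check: only enumerated or numeric values may reach the reasoning engine."""
    for key, value in findings.items():
        rule = SCHEMA.get(key)
        if rule is None:
            raise ValueError(f"field not in schema: {key}")
        if isinstance(rule, set):
            # Free text cannot pass: a string must be one of the listed labels.
            if not isinstance(value, str) or value not in rule:
                raise ValueError(f"{key}: value outside enumeration")
        elif type(value) is not rule:
            # Exact type match; error text never echoes the rejected value.
            raise ValueError(f"{key}: expected {rule.__name__}")
    return findings

SSN_PATTERN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def pii_tool(body):
    # Evidence tool: reads raw text, returns a flag, never the matched value.
    return {"pii_present": bool(SSN_PATTERN.search(body))}

def build_context(body):
    # Everything the reasoning engine would receive for this constructed message.
    findings = {"url_verdict": "suspicious", "redirect_depth": 3, "anomaly_score": 0.82}
    findings.update(pii_tool(body))
    return validate_findings(findings)

# Constructed sample message; the SSN-shaped string is not a real number.
SAMPLE_BODY = "Hi, please confirm payroll for SSN 000-12-3456 at http://pay.example/x"

if __name__ == "__main__":
    print(build_context(SAMPLE_BODY))
```
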
Compliance

Compliance posture, in one place.

This page describes what makes StrongestLayer's AI privacy architecture different. Compliance attestations are table stakes, not differentiators, and they live where table stakes belong: on our always-current trust center. The controls described on this page are validated within our active SOC 2 audit scope.

Trust Center, Powered by Vanta
Live attestations. Always current. No email required.
SOC 2 attestation, GDPR-compliant data processing, sub-processor list, DPA, security questionnaires, BAA available on request, and audit report summaries in one continuously-updated place.
Based on the Detecting Without Exposing whitepaper, StrongestLayer Security Architecture, February 2026. © 2026 StrongestLayer · strongestlayer.com