Security & Sovereignty
How MX4 Atlas protects your data and supports sovereign deployments.
Zero-Data Retention
MX4 Atlas operates on a strict zero-data retention policy for inference. We do not use your data to train our base models. Your prompts and completions are discarded immediately after processing, unless you explicitly opt-in to local activity journaling.
Encryption
- In Transit: All data is encrypted via TLS 1.3. We support mTLS for private cloud deployments.
- At Rest: For fine-tuned models and activity journals, data is encrypted using AES-256. Keys can be managed by your own HSM or KMS.
Infrastructure Activity Journal
API requests, model inferences, and configuration changes can be logged locally and cryptographically signed. Retention and export are controlled by your infrastructure policy.
Logged Events
- • API key usage and authentication attempts
- • Model inference requests with input token count
- • Fine-tuning jobs and training data access
- • Data exports (via secure export endpoints)
- • Administrative actions (key rotation, permission changes)
- • Security events (failed auth, anomalous usage)
Data Residency Controls
Data residency is enforced by deployment topology and network isolation.
- Compute Residency: Inference runs on servers in your approved region.
- Storage Residency: Models, embeddings, and training data stay within your infrastructure boundary.
- Backup Residency: Backups remain within the same approved region or facility.
- Zero Transit: No external routing by default.
Incident Response
Incident response is owned by your security team. MX4 provides guidance and escalation support for Enterprise deployments.
Immediate Containment
Follow your internal incident runbook and isolate affected services.
Root Cause Analysis
Review activity journal entries and system telemetry to identify cause.
Remediation & Recovery
Apply fixes, validate integrity, and update your security posture.