Security & Compliance

Compliance-first by design—guardrails you can audit.

Lonia Sentinel is built to support a premium, enterprise-facing posture: SOC 2-aligned controls, HIPAA-grade handling of sensitive data, GDPR/UK GDPR awareness, and accessibility-forward outputs. We prioritize least-privilege access, strong logging, and transparent operational boundaries.

Least privilege · Audit trails · PII-aware handling · Governance-ready · WCAG 2.2 AA mindset

Data handling & privacy

  • PII-aware routing and redaction-friendly workflows
  • Data minimization: collect only what’s needed to operate the service
  • No public training on client data
  • Retention aligned to operational need and contractual requirements

Audit trail & observability

  • Run history: success/fail/blocked outcomes
  • Policy checks and flags stored alongside content decisions
  • Metrics capture to support optimization and reporting
  • Change traceability for key settings (where supported)

Access control

  • OAuth SSO for portal access (no password login)
  • Role-based access patterns (as configured)
  • Least privilege tokens for integrations
  • Separation of environments for production

AI transparency & provenance

  • Provenance flags stored for disclosure readiness
  • AI-assistance indicators aligned to platform norms where possible
  • Content risk routing (brand safety + policy checks)
  • Clear boundaries: automation with governance, not “black box posting”

Compliance posture summary

  • SOC 2 alignment: operational controls, logging, least privilege, change discipline.
  • HIPAA-grade handling: sensitive-data-aware workflows and access boundaries.
  • GDPR/UK GDPR: minimization, purpose limitation, and rights-aware practices.
  • Accessibility: WCAG 2.2 AA + Section 508 mindset for customer-facing artifacts.

Need a control overview for procurement? Email support@lonia.ai.