Ananse
    ProductSolutionsResourcesCompanyPricing
    Sign InRequest a Demo
    01Security

    Built for
    privileged data.
    From day one.

    Multi-tenant isolation enforced at the data layer on every retrieval. Zero training on your documents, zero data retention on AI inference.

    Request security overview→Email security team

    Zero data retention

    AI inference, by policy

    AES-256 at rest

    AWS KMS key management

    TLS 1.3 in transit

    All endpoints

    Zero training

    On customer data, ever

    Multi-tenant isolation

    user_id AND case_id

    02Security posture

    Controls that earn
    a place in your workflow.

    Encryption, isolation, retention, and compliance — engineered for privileged data, not bolted on after the fact.

    01

    Encryption everywhere

    AES-256 at rest with AWS KMS key management. TLS 1.3 in transit on all endpoints. Every blob, queue message, and database row is encrypted.

    02

    Multi-tenant isolation

    Every retrieval filters by user_id AND case_id at the data layer. Matter A cannot leak into Matter B — partitioning is structural, not an application-level guard.

    03

    SOC 2 program underway

    Our SOC 2 Type II readiness program covers the security, availability, and confidentiality trust service criteria. Documentation available on request.

    04

    Retention & deletion

    Documents retained for the duration of the active case plus a 90-day grace period. Deletion on request, with audit-log confirmation.

    05

    E-discovery compliance

    Bates numbering, custodian mapping, privilege review, and FRCP 26(b)(5) privilege logs — defensible production built into the workflow.

    06

    Zero training on your data

    Your documents are never used to train any model. AWS Bedrock runs in zero-data-retention mode — prompts are never retained or used for training.

    03Tenant isolation

    Filtered by user_id AND case_id. Always.

    This is not an application-level guard — the partitioning is structural. A retrieval call that omits either key fails at the data layer before it reaches the language model. Matter A cannot leak into Matter B.

    Isolation Stack
    01Database — row-level security by user_id + case_id
    02Vector store — Qdrant collections namespaced per tenant
    03Knowledge graph — Neo4j Cypher scoped to user_id / case_id
    04S3 blobs — per-tenant keys, region-pinned storage

    No cross-tenant leakage — enforced at every layer

    0Cross-tenant leaks, by design
    AES-256Encryption at rest, KMS-managed
    TLS 1.3In transit, all endpoints
    ZDRAI inference — zero data retention
    04Compliance

    What we certify
    and commit to.

    Every hop in the pipeline is queue-mediated and encrypted. No component has direct access to another tenant's data.

    01

    SOC 2 program

    Our SOC 2 Type II readiness program is underway, covering the security, availability, and confidentiality trust service criteria. Current security documentation is available on request.

    Request documentation →
    02

    Sub-processors

    AWS, Qdrant Cloud, Neo4j, Supabase. Full list published below. Each covered by a signed data processing agreement.

    See the list →
    03

    Data residency

    All case data stored in AWS us-west-2 by default. Custom regions available on Enterprise plans. No cross-border transfer without explicit configuration.

    See Enterprise →
    04

    Retention

    Documents retained for the duration of the active case plus a 90-day grace period. Deletion on request, with audit log confirmation.

    Contact us →
    05Sub-processors

    Who processes your data.

    Each sub-processor is subject to a signed data processing agreement. This list is current as of June 2026 and will be updated on any material change.

    AWS S3Encrypted document blob storage. Case files never leave your designated AWS region.
    AWS SQSAsync message queuing between extraction and ingestion workers. Messages are encrypted and short-lived.
    AWS BedrockManaged inference for Claude-based response generation. Zero-data-retention mode enabled — prompts are never used for model training.
    AWS ECS / FargateServerless compute for GPU extraction (g5.xlarge) and RAG ingestion workers. No persistent compute surfaces between jobs.
    Qdrant CloudVector database for semantic retrieval. All collections namespaced by user_id and case_id — cross-tenant queries are structurally impossible.
    Neo4jGraph database for entity-relationship storage. Same user_id / case_id partitioning enforced on every Cypher query.
    SupabasePostgreSQL-backed metadata store for users, cases, and document records. Row-level security policies enforced at the database layer.
    Security inquiries

    Need our security overview, DPIA, or sub-processor list?

    We respond to security inquiries within one business day. Email security@ananse.ai or use the contact form — we have a pre-built vendor risk assessment packet ready.

    Contact security team→Request security docs
    Ananse

    The citation-first AI workspace for litigation. From evidence to insight — defensible by design.

    AI-Native E-Discovery

    Product

    • Overview
    • Document Chat
    • Connection Mapping
    • E-Discovery
    • Legal Research
    • Document Drafting

    Solutions

    • BigLaw
    • Boutique Litigation
    • Corporate Counsel

    Company

    • About
    • Security
    • Resources
    • Contact

    Get Started

    • Pricing
    • Request a Demo
    • Sign In
    Ananse
    © 2026 Ananse — Arachnid Solutions
    PrivacyTermsSecurity