Trust and security
REAL connects to the documents and systems that run your portfolio, so isolation, auditability, and control are not features added on top. They are how the platform is built, from a single-tenant architecture to AI that is grounded in your data and governed by your team.
Compliance built in
SOC 2 Type II
Audited continuously by PwC across security, availability, and confidentiality.
ISO/IEC 27001
The international standard for information security management.
ISO/IEC 27017
Cloud-specific extension of ISO 27001, for deployment architecture.
Single-Tenant by Design
A dedicated tenant for your deployment. No shared data plane.
Bring Your Own Key (BYOK)
Your keys, your encryption policy.
Bring Your Own Model Key
Connect AI to your own approved provider accounts.
Data Residency Options
Regional deployment aligned to regulatory requirements.
AI Monitoring & Guardrails
Detects malicious prompts, sensitive data exposure, and abuse signals.
No Customer Data Training
Your data is never used to train REAL-owned models. Ever.
Retrieval-Augmented Generation
AI answers are grounded in your data, not generic internet knowledge.
Explainability & Traceability
Every answer links back to the source document. Fully auditable.
Human-in-the-Loop
Critical decisions require human review before action is taken.
Fairness & Bias Mitigation
Models tested for disparate impacts. Datasets audited for bias.
AI Lifecycle Governance
Governed from ideation to deployment with continuous post-deployment monitoring.
Security & infrastructure
Your environment runs separately, on your cloud and your keys.
Your tenant runs its own authentication, databases, storage, processing, workflow state, and encryption.
Tenant isolation
auth · db · storage · cache · workflow · keys
Tenant-level controls handle data residency, procurement alignment, and regional compliance.
Deployment options
Encryption at rest and in transit by default, extended with Bring Your Own Key so encryption policies stay aligned with your enterprise key management program.
Encryption posture
Role-based access scoped to your tenant, integrated with Okta, Azure AD, and your existing identity stack.
Access · least privilege
AI governance
Your data powers every answer, kept inside your tenant.
Customer data stays inside your tenant and powers only your own answers; it is never used to train REAL or third-party models. AI calls route through your approved provider accounts (OpenAI, Azure OpenAI, Bedrock, Gemini), with model cards on every system and your usage policies intact.
Customer data lifecycle
Outputs trace back to the source document, section, or extracted record. Validation paths sit inside every answer, so audit, compliance, and finance teams can verify every figure.
Trace · CAM recovery answer
“$418,200 over-billed across 27 leases for FY24.”
Critical decisions require human approval before action. Runtime guardrails (Pangea AI Guard, OpenAI Moderation, Azure AI Content Safety) sit on every prompt and response, catching sensitive data exposure, injection attempts, and unsafe outputs before they land.
Guardrails · runtime checks
The REAL Suite
Every agent in the REAL suite runs on the foundation you set during onboarding, inside one tenant with one trust posture.
Request the security documentation, walk through the architecture with our team, or watch a demo of the suite running end-to-end.
Trust
At enterprise scale, expect SOC 2 Type II for security, availability, and confidentiality, ISO/IEC 27001 for information security management, and ISO/IEC 27017 for cloud-specific controls. REAL holds SOC 2 Type II, audited continuously by PwC, along with ISO/IEC 27001 and ISO/IEC 27017, so the certifications are in place before a single document is connected.
The architecture is what makes it compliant, not the model. Look for single-tenant deployment so there is no shared data plane, the ability to bring your own encryption keys, and the ability to route AI calls through your own approved provider accounts under your audit trail. REAL runs in a dedicated tenant on your cloud and your keys, supports bring your own key and bring your own model key across providers like Azure OpenAI, Bedrock, and Gemini, and offers regional data residency, so your environment stays isolated end to end.
Auditability comes from three things: answers grounded in your own data rather than generic knowledge, a link from every answer back to its source document, and human review before any action is taken. REAL grounds answers in your data using retrieval, links every answer to the source so it can be traced, and routes critical decisions through human approval, so finance and compliance can stand behind every output.
No. Your data is never used to train REAL-owned models. The platform improves through methodology and through the context already inside your own deployment, not by moving your data across customers. That commitment is built into the single-tenant architecture, not added as a policy on top of it.