AI infrastructure, built for regulated workloads.
SkyAIApp is designed for enterprise security and compliance review: identity, access, audit, data boundaries, PII controls, and procurement materials move through one path. Public pages show architecture and readiness; customer-specific evidence is available by request or under NDA.
Public-claim boundary
To keep the site credible, certification, customer, uptime, and savings claims are framed as readiness, in-progress, modeled benchmarks, or composite profiles until third-party validation or public customer permission exists.
Compliance & material status
Readiness worksheet and control map available for enterprise diligence; audit report pending completion.
ISMS control mapping and evidence index prepared; certification path in progress.
EU data subject rights, DPA available, EU-only data residency option.
BAA available for healthcare customers, PHI fields FPE-encrypted.
Payment data is routed to PCI-scoped payment processors; SkyAIApp does not store raw card numbers.
AI management system standard — alignment in progress for 2026 Q4.
How procurement material is shared
Public on the site
- Security architecture overview, sub-processor list, status page, privacy policy, and terms.
- Modeled benchmark methodology and sample workload assumptions.
Available by request / NDA
- SOC 2 readiness worksheet, ISO 27001 control map, DPA, BAA template, SLA draft, and security questionnaire answers.
- Pen-test executive summary and compliance evidence index when the engagement completes.
Customer-specific configuration
- Data residency, trace retention, BYOK, model-provider allowlists, and tool permission scopes.
- POC success criteria and replay benchmark report for the buyer's own workload.
Six pillars
Encryption in transit & at rest
TLS 1.3 in transit; AES-256 at rest with KMS-backed envelope encryption. BYOK and HSM options for regulated tenants.
Identity & least privilege
SSO (SAML / OIDC) + SCIM; fine-grained RBAC; MCP tools authorized per scope + OPA policy; step-up auth on high-risk ops.
Audit & observability
Append-only ledger; every trace pins model, policy version, and PII entities; one-click export for DPOs and regulators.
Data residency
US, EU and APAC regions available; EU-only routing pin for European tenants.
AI safety
Prompt-injection defense, PII detection (Presidio + LLM judge), content moderation, and hallucination suppression are on by default.
Availability & resilience
Multi-region active-active; 99.98% platform uptime over the trailing 90 days; 24/7 paged incident response.
Procurement FAQ
Can we validate savings on our own traffic before buying?
Yes. A typical POC mirrors 1-2 weeks of traffic, builds a single-model baseline, then replays candidate policies without changing end-user behavior.
How do you separate public claims from private diligence material?
Public pages only show product architecture, methodology, and modeled examples. Customer-specific benchmarks, contracts, and compliance evidence are shared by request or under NDA.
What data is retained in traces?
By default traces keep request metadata, routing decisions, token counts, model choice, errors, and timing. Prompt and output content retention can be shortened or disabled per policy.
Do you support regulated workloads?
The platform is designed for regulated review with SSO, RBAC, audit export, PII controls, residency options, DPA workflows, and BAA templates for eligible enterprise customers.
Which teams need to be involved in evaluation?
The strongest evaluations include the product owner, platform/FinOps, security, legal/procurement, and one engineering owner who can compare traces against the current stack.
Sub-processors
We use the following sub-processors to deliver the service. Customers may object to a newly added sub-processor within 30 days at trust@skyaiapp.com.
| Provider | Purpose | Region |
|---|---|---|
| AWS | Compute, storage, networking | us-east-1, eu-west-1, ap-southeast-1 |
| Google Cloud | Compute, ML accelerators | us-central1, europe-west4 |
| Cloudflare | Edge, WAF, DDoS | Global edge |
| Vercel | Console + marketing hosting | Global edge |
| Stripe | Billing & payments | Global |
| Datadog | Observability & alerting | US, EU |
| Snowflake | Analytics warehouse | US, EU |
| Okta | Internal SSO | US |
Policies & documents
Live system status
The status page currently shows sample heartbeats generated from a multi-region probe model; production probes and incident history move to real service data at public beta.
Regulated industry? We will help you pass audits.
Reach our security team for the readiness pack, DPA / BAA templates, security questionnaire answers, and a POC evaluation checklist tailored to your workload.