Trust Center

Security, privacy, and trust — built in.

Enterprise AI adoption is limited by trust, not capability. Cortex makes security, auditability, and deployment boundaries visible from day one.

Data isolation

Every tenant operates in a fully isolated environment. Your data is never mixed with other organizations. Indexes, storage, and processing are scoped to your tenant.

Traceability

Every AI-generated output links to its source documents with inline citations. Full audit trails for all user actions, queries, and generated artifacts.

Access control

Container-based RBAC with role inheritance. Admins, editors, and viewers. Private containers block inheritance for sensitive content. Permissions enforced at the service layer.

Deployment flexibility

Cube5-hosted single-tenant, customer VPC with private networking, or on-premises deployment. Choose where your data lives based on your compliance requirements.

AI governance

AI should augment human judgment, not replace it. Cortex enforces guardrails at every stage of the AI pipeline.

AI outputs are advisory — human review gates before finalization

No customer data used for model training

LLM calls are logged and traceable via Langfuse

Citation-first design: claims without evidence are flagged

Model selection configurable per deployment

Input/output filtering for sensitive content

Compliance

Built to meet the highest security standards for enterprise and heavily regulated industries.

SOC 2 Type II (in progress)

GDPR-compliant data processing

Data residency options (EU, US, custom)

Right to erasure support

Data processing agreement available

Regular third-party security assessments

Legal documents

Policies and agreements

Transparency starts with accessible documentation. Find our policies, terms, and compliance agreements below.

Cube5 Website

Privacy Policy

How we collect and process data on the Cube5 website.

View

Code of Conduct

Standards for interactions with Cube5 and its community.

View

Cube5 Cortex

Privacy Policy

How Cube5 Cortex processes personal data under GDPR.

View

Terms of Service

The terms governing access to and use of Cube5 Cortex.

View

Data Processing Agreement

Controller/processor obligations for GDPR-compliant deployments.

View

Sub-processors

Third-party providers that may process customer data.

View

FAQ

Common questions

What data is retained by third-party Large Language Models (LLMs)?

Cube5 does not send your documents to LLM providers for training. Prompts and document excerpts are sent at inference time only and processed under EU data residency by default (Google Vertex AI, europe-west* regions). See the Sub-processors page for the full list.

Do you support Single Sign-On (SSO)?

Yes. Cube5 Cortex uses Firebase / Google Identity Platform, supporting SSO via SAML and OIDC for enterprise deployments.

What encryption methods does Cube5 Cortex use?

AES-256 encryption at rest (via Google Cloud Storage and Cloud SQL). TLS 1.2+ for all data in transit between clients and the Cortex backend.

What cloud providers are used by Cube5 Cortex?

Google Cloud Platform — Cloud Run, Cloud SQL (PostgreSQL), Cloud Storage, Pub/Sub, Vertex AI, and Firebase Auth. EU regions by default (europe-west*). Deployment in other regions or customer VPC is available.

Where is customer data stored and processed?

EU regions by default (europe-west*). Data residency options — EU, US, or custom — are available and configurable per deployment to meet your regulatory requirements.

Questions about security?

We're happy to walk through our security architecture, share our security documentation, or discuss your specific compliance needs.

Talk to our security team

This website is published by Cube5 SAS, registered in France under SIRET number 92871226400011, with its registered office at 216 Traverse de Saint-jeaume, Domaine de Pré du Lac 17, 06740 Châteauneuf-Grasse, France. legal@cube5.ai