Your data governance questions. Answered here.
From the AI Firewall to your choice of deployment model, sub-processors, and BAA flow — Backplain is designed around the assumption that your data is sensitive and needs to stay that way.
Your data never leaves the network in a form the model can use.
The AI Firewall is Backplain's patent-pending sensitive-data obfuscation system. It sits between your users and every model. Before any prompt reaches any AI provider, the Firewall intercepts and scans it — and acts on it according to your configured policy.
- Hard Block: Reject the prompt with a clear error. The data does not transmit. The admin log shows what was attempted.
- User Warning: Notify the user that their prompt contains sensitive data. They decide whether to proceed. The decision is logged.
- Silent Reconstitute: Substitute stand-ins, send the prompt, and restore the original terms in the response. The model never knew whose contract it was.
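As an added illustration, not Backplain's code (the page does not describe its detection logic), here is a minimal firewall in Python that implements the three policy actions above: constructed regex detectors stand in for the real classifiers, a stand-in map drives reconstitution, and every event is written to an audit record.

```python
import re
from typing import Callable

# Constructed detector patterns for the illustration only; a production
# firewall would use far richer classifiers and a configurable category list.
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}
AUDIT_LOG: list[dict] = []  # admin-visible record of every firewall event


class HardBlocked(Exception):
    """Prompt rejected: nothing was transmitted to the provider."""


def scan(prompt: str) -> list[tuple[str, str]]:
    """Return (category, matched_text) for every sensitive value found."""
    return [(cat, m.group()) for cat, rx in PATTERNS.items() for m in rx.finditer(prompt)]


def firewall(prompt: str, policy: str, send: Callable[[str], str],
             confirm: Callable[[list], bool] = lambda f: False, user: str = "anon") -> str:
    """Apply the configured policy, forward the (possibly rewritten) prompt, return the reply."""
    findings = scan(prompt)
    if not findings:
        return send(prompt)  # clean prompt: pass straight through, nothing to log
    event = {"user": user, "policy": policy, "categories": sorted({c for c, _ in findings})}
    if policy == "hard_block":
        AUDIT_LOG.append({**event, "action": "blocked"})
        raise HardBlocked(f"prompt contains {event['categories']}; not sent")
    if policy == "user_warning":
        proceed = confirm(findings)  # the user sees the findings and decides
        AUDIT_LOG.append({**event, "action": "user_proceeded" if proceed else "user_cancelled"})
        if not proceed:
            raise HardBlocked("user cancelled after warning")
        return send(prompt)
    if policy == "silent_reconstitute":
        stand_ins, redacted = {}, prompt
        # dict.fromkeys de-duplicates repeated values so each maps to one token
        for i, (cat, value) in enumerate(dict.fromkeys(findings), 1):
            token = f"<<{cat.upper()}_{i}>>"
            stand_ins[token] = value
            redacted = redacted.replace(value, token)
        reply = send(redacted)  # the provider only ever sees the stand-ins
        for token, value in stand_ins.items():
            reply = reply.replace(token, value)  # restore originals in the response
        AUDIT_LOG.append({**event, "action": "reconstituted", "stand_ins": len(stand_ins)})
        return reply
    raise ValueError(f"unknown policy {policy!r}")
```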
We don't train on your prompts. Neither do the model providers.
Backplain does not use your prompts, responses, or uploaded documents to train any model. This is not a policy aspiration; it is how the architecture works.
For every model provider Backplain connects to, the same commitment holds — by contract, under the enterprise data-handling terms each provider publishes. The per-model data governance panel inside the product links to each provider's current attestation.
| Provider | No-training commitment | Data residency options |
|---|---|---|
| OpenAI | Enterprise / API zero-data-retention available | US / EU |
| Anthropic | Enterprise no-training commitment | US |
| Google (Gemini) | Vertex AI enterprise no-training | US / EU / multi-region |
| Meta (Llama) | Hosted on Backplain or partner — no upstream training | US (Backplain) / customer choice (BYO) |
| Mistral | Enterprise no-training commitment | EU / US |
| xAI | Enterprise no-training commitment | US |
| Perplexity | Enterprise / API no-training | US |
| Amazon (Nova / Bedrock) | Bedrock no-training commitment | Multi-region |
| Backplain (open-weight, self-hosted) | Hosted on Backplain infrastructure — no upstream provider involved | San Diego (default) / customer site (Sovereign) |
Your data lives where your governance policy requires.
- Multi-tenant SaaS: Logically isolated tenants on Backplain's managed infrastructure. Fastest to deploy. Default for Team and Business.
- Customer's own cloud (BYO): Deploy inside your existing AWS, Azure, or GCP. Data never leaves your cloud account. Available on Enterprise.
- Fully managed private cloud: Dedicated environment, managed by Backplain, with full physical and logical separation. Available on Enterprise and Sovereign.
- Fully isolated: No shared infrastructure at any layer. Network-level isolation. Sovereign tier.
- Dedicated bare metal (San Diego Tier 3 colo): Hardware Backplain owns, colocated in a SOC 2 Type II certified Tier 3 facility. 8× NVIDIA L40S GPUs, 1 TB RAM, dual 10 G isolated VLAN. Sovereign Compute.
- Customer site / SCIF-adjacent: Lambda Scaler delivered to your facility. Backplain operates remotely (or via on-site engagement for SCIF). Sovereign Compute, customer-site tier.
The full list. Updated when it changes.
| Sub-processor | Purpose | Region | Customer-controllable |
|---|---|---|---|
| AWS | Multi-tenant SaaS infrastructure (Team / Business) | us-east-1, us-west-2 | BYO cloud opt-out on Enterprise |
| Backplain San Diego DC | Sovereign Compute production | San Diego, CA | Default for Sovereign |
| Backplain AI Lab (Carlsbad) | Fine-tuning, evaluation, R&D | Carlsbad, CA | Sovereign / AI Lab tiers |
| OpenAI / Anthropic / Google / Meta / Mistral / xAI / Perplexity / Amazon | Model inference (per user model selection) | Provider-defined; per-model residency selectable | Models can be disabled org-wide |
| Auth0 (Okta) | Authentication | US | SSO via customer IdP available |
| Stripe | Billing (self-serve tiers only) | US | Invoiced on Enterprise / Sovereign |
| Sentry | Application error monitoring (no prompt content) | US | Disable on request |
| Resend | Transactional email | US | Customer SMTP available on Enterprise |
Sub-processor changes are notified 30 days in advance under the DPA. The current list is maintained at this URL and is the canonical reference.
Every session. Every prompt. Logged.
The Backplain admin console logs every user session, every prompt sent, every model selection, and every AI Firewall event. The compliance dashboard surfaces prompt volume by user, Firewall catch rate by category, session timestamps, and model selection history.
Reports are available through AWS QuickSight on Business and Enterprise tiers, with a full API for custom reporting and Pro Services hours for custom dashboards. Sandbox Mode (Business+) provides a read-only mirror of your tenant for auditor walkthroughs without exposing live user data.
Note: an in-product visualization UI for log browsing is on the near-term roadmap. Logs are accessible through the reporting layer and the API today.
Where we stand on SOC 2, HIPAA, ISO, and more.
| Standard | Backplain SaaS | Sovereign (San Diego DC) |
|---|---|---|
| SOC 2 Type II | In progress (target: Q3 2026) | Inherited from facility (SOC 1/2/3 Type II) |
| HIPAA — BAA available | Enterprise tier | Enterprise / Sovereign |
| HITRUST CSF | Roadmap | Inherited from facility |
| ISO 27001 | Roadmap | Inherited from facility |
| ISO 22301 / 20000-1 | — | Inherited from facility |
| NIST 800-53 / 800-171 (CMMC L2 baseline) | Mapped controls | Inherited from facility |
| PCI DSS | Stripe-handled (no card data on Backplain) | Inherited from facility |
| FedRAMP | Pursuing — not yet listed on the Marketplace | Pursuing |
| GDPR / DPA | DPA available; SCCs included | Customer-site option for EU residency |
Documentation packages — SOC 2 progress letter, security overview, DPIA template, BAA template, sub-processor list, penetration test summary — available under standard mutual NDA via the security inbox.
How we execute a BAA.
Step 1. Raise the BAA requirement on the discovery call (or in your security questionnaire). We'll route to the Enterprise track.
Step 2. Backplain sends our standard BAA with the order form. Most customers sign as-is; redlines accepted on Enterprise and Sovereign.
Step 3. BAA executes alongside the order form. Tenant is provisioned with PHI controls enabled by default — Hard Block on PHI category, audit retention extended, customer-controlled encryption key option offered.
- TLS 1.3 in transit, AES-256 at rest
- No training on customer data, contractually guaranteed
- US-based data residency available; EU on Sovereign customer-site
- Patent Pending: AI Firewall
- BAA available on Enterprise and Sovereign
- BYOK (customer-managed keys) available on Sovereign
- SSO/SAML and SCIM provisioning standard
- 30-day breach-notification commitment in DPA
Have your IT director ask a hard question.
The 20-minute security demo answers it — with the actual admin console, not a slide deck.