AI Assistants CRM Email + Projects Live Chat Ticketing Flows Enterprise Security HR-lite Control Center Solutions Pricing Start free trial
Patent-pending · App 2602911.6

Security that’s
structural, not bolted on.

SCRS is the firewall the whole suite is built on: it blocks unauthorised data before the AI can see it. Add SSO, BYOK, data residency and matter walls, and you have enterprise-grade trust without an enterprise project.

✓ UK GDPR✓ ISO 42001 on trackSOC 2 / ISO 27001 on roadmap✓ No client-data training
SCRS firewall
model sees [PII-7f3a] you see Henderson Ltd 🔒
fail-closed · audited

How the firewall works.

A firewall, not a filter — private data never reaches the model.

1

Block before search

Permissions are enforced during retrieval — out-of-scope data is removed before results even exist.

2

Zero plaintext in index

The vector index holds no readable text; content lives in a separate encrypted store, tokenised.

3

100% fail-closed

Content is released only after cryptographic verification. Any failure returns nothing.

Before any model call

Personal data is tokenised, not trusted to a prompt.

Most “AI privacy” relies on asking the model nicely to behave. We don’t. Identifiers are detected and swapped for reversible tokens before a single byte leaves for a third-party LLM — so the model reasons over client_4821 while you keep reading Henderson Ltd.

  • 11 built-in regex detectors — email, UK & US phone, SSN, credit card, IP address, date of birth, National Insurance, passport, UK postcode and US ZIP.
  • spaCy NER on top — named people, organisations and places are caught even when they don’t match a pattern.
  • Reversible by design — tokens map back to the real value on the way out, inside your tenant, never in the prompt.
  • Pseudonymised outbound — anything sent to a connected third party goes through the same redaction first.
redact → reason → restore
raw 07911 123456 [UK_PHONE-2c]
raw Henderson Ltd [ORG-7f3a] 🔒
names never reach the LLM

One firewall, every module.

SCRS isn’t a feature of one app — it sits under all of them, so the same rules apply wherever data moves.

📁

CRM & matters

Pipelines, deals and client matters with field-level RBAC and ethical walls between clients.

See CRM →

Email & Documents

Bring-your-own mailbox AI triage and free Document, Workbook & Deck editors — all governed.

See Email & Docs →
💬

Live Chat & Tickets

An autonomous chat agent and SLA-driven ticketing — transcripts redacted before the model sees them.

See Live Chat →
📋

Flows & HR-lite

Forms, booking pages and the joiner–mover–leaver directory — offboarding flips the kill-switch.

See Flows →

Governance

DSAR, RoPA, consent, DPIA, AI impact assessments and operational registers in one workflow.

See Governance →
🛠

Control Center

Storage, residency, retention, access and billing governed from a single console.

See Control Center →
Joiner · Mover · Leaver

When someone leaves, their access leaves with them.

Offboarding shouldn’t mean a frantic checklist and a forgotten share link. In Other Me, marking a person as a leaver in HR-lite trips the SCRS kill-switch — their access is logically revoked across every module at once, and the action is written to the audit ledger.

See HR-lite →
1

Joiner

Add a person once; role-based access flows to the modules they need — nothing more.

2

Mover

Change a role and permissions follow. SCRS re-scopes what the AI can retrieve on their behalf.

3

Leaver

Mark them a leaver — the kill-switch revokes data access everywhere, logged with a reason.

Enterprise controls

Coming soon — ask us about early access.

🔑

SSO & SCIM

SAML/OIDC single sign-on and automated provisioning.

🔐

BYOK

Bring your own keys; crypto-shred to delete by destroying keys.

🌏

Data residency

Pin storage and processing to your region.

Matter walls

Hard isolation between clients and teams, enforced and logged.

These enterprise controls are on the way and not yet purchasable. Talk to us about early access →

Trust Center

Proof, on a page.

A live Trust Center shows your security posture, hosts your policies, and — with Governance — auto-answers the security questionnaires that slow deals down. Every claim backed by the tamper-evident audit ledger.

Explore Governance →
📋

Tamper-evident audit

Hash-chained log of every access and action.

Kill-switch

Suspend AI or a tenant instantly, with a logged reason.

🧬

No training on your data

Your content is never used to train shared models.

How your data is handled.

The plain-English answers to the questions a buyer’s security team always asks.

DATA RESIDENCY
UK / EU
MODEL TRAINING
Never
FAILURE MODE
Fail-closed
PATENT
Pending

Where it lives

Storage and processing sit in the UK / EU. Content is held in an encrypted store, kept separate from the search index — which carries no readable text at all.

Who can reach it

Field-level role-based access decides what each person sees, and SCRS enforces it during retrieval — not as an after-the-fact filter on results that already exist.

What the AI sees

Personal data is tokenised before any third-party model call. The model reasons over placeholders; real values are restored inside your tenant. Your content is never used to train shared models.

What’s recorded

Every access and action is written to a hash-chained, tamper-evident ledger — the evidence behind a DSAR, an incident review, or a routine audit.

Compliance status, stated honestly.

We’ll never claim a certification we don’t hold. Here’s exactly where we are.

FrameworkStatusWhat it means today
UK GDPRCompliantLawful basis, data-subject rights and our DSAR / RoPA tooling are in place.
UK Age Appropriate Design CodeCompliantBuilt to the Children’s Code where it applies.
ISO/IEC 42001 (AI management)On trackActively working toward it — not yet certified.
SOC 2 Type IIOn roadmapPlanned (Q4 2026 / 2027). Not yet audited or certified.
ISO/IEC 27001On roadmapPlanned (Q4 2026 / 2027). Not yet certified.
HIPAABy BAA / contractAvailable under a Business Associate Agreement where required.
EU AI ActMonitoringTracking obligations as the framework takes effect.

Nothing on this page is certified yet. We use “on track” and “on roadmap” deliberately — and the audit ledger is there to back up what we do claim. See the Governance suite →

Built for regulated practices

When a slip is a breach, not a bug.

Accountancy, legal, mortgage & IFA and healthcare teams can’t paste client data into a generic chatbot and hope. SCRS lets them use modern AI without handing client identities to a model — with the ethical walls, audit trail and offboarding controls their regulators expect.

  • Ethical walls keep one client’s matter out of another’s reach.
  • The tamper-evident ledger answers “who saw what, when” without a fire-drill.
  • Reversible tokenisation means the AI helps without ever seeing the real names.

“The point isn’t to trust the AI with client data — it’s to make sure the AI never gets it in the first place. That’s the difference between a filter and a firewall.”

— The design principle behind SCRS

PII DETECTORS
11 + NER
TENANT WALLS
Enforced

The trust layer under everything

SCRS protects every module — CRM, Mail, Documents, Live Chat and the rest — and all of it is governed from one Control Center.

See the Control Center →