MARAPONE
Security & Data-Handling Overview — Construction
DOC: SEC-PACK-CON
SCOPE: Private AI builds
CONTACT: security@marapone.com
// Data flow — where documents go (and don't)
Documents, model, index, and outputs all stay inside a boundary you control. There is no Marapone-hosted tenant in the path.
// Deployment models
On a laptop
localhost only · FileVault/LUKS at rest · zero outbound.
On-prem server
LAN + VPN · SSO + role-based access · LUKS/BitLocker.
Your cloud tenant
Private VPC · KMS/Disk encryption · IAM + SSO.
// What never happens to your documents
No third-party LLM API calls
Models run on hardware you control.
No training on your data
Any fine-tuned weights are yours and stay with you.
No central data lake
There is no Marapone tenant holding your projects.
No cross-client sharing
Separate codebase, weights, and store per client.
// Data-handling defaults
| Data residency | Canada (Toronto) or EU (Rome) by default; on-prem keeps it entirely with you. PIPEDA / GDPR-aligned. |
| Retention | You set per-document-class windows. Assessment documents deleted after delivery unless you ask us to keep them. |
| Deletion | Single command/UI action wipes a project's docs, embeddings, and project-specific weights. |
| Audit trail | Every query, document touched, and response logged with timestamp + user. Searchable and exportable. |
| Access control | Integrates with your identity provider (SSO); role-based; per-project namespace segregation by default. |
| Agreements | Mutual NDA on request before any documents change hands; project-specific NDA and DPA available pre-build. |
// Ownership at handover
At handover you receive the full source code, any project-specific model weights, deployment and backup runbooks, and admin credentials. There is no license that can be revoked and no server we can switch off. Questions: security@marapone.com.