Security · For CIOs, CTOs, Procurement

Your governance perimeter doesn't move.

Vonbuild runs inside your existing Microsoft 365 or Google Workspace tenant. Your SSO, your conditional access, your DLP boundary, your retention policies — inherited automatically. No new security model to validate. No parallel admin console.

Validated by the kind of person who already runs your Microsoft 365 tenant

Identity inheritance

Your identity. Your rules.

Vonbuild does not invent a parallel identity model. It rides on the one your IT department already governs.
SSO inheritance

M365 / Workspace SAML.

Same login, same MFA, same conditional access. No new password to manage. SCIM provisioning supported.
DLP boundary

Your policies carry over.

Microsoft Purview / Google DLP labels are respected. Documents you've classified as confidential stay confidential.
Retention policies

Your IT calendar wins.

Document retention follows your tenant rules. Audit log retention configurable to your compliance schedule.
No parallel admin

One identity governance.

Your existing identity team manages access. No second admin console to learn, audit, or revoke when someone leaves.
Scope model · 3 tiers

What flows where, and what stays gated.

Project-centric agents · firm-aware retrieval on non-sensitive · sensitive stays scoped. The agent decides per node — your IT inherits the policy.
Tier 1

Project scope

Default fail-closed. Visible only to project members. Examples:
  • Negotiation positions
  • Internal redlines
  • Bid pricing strategy
  • Project-specific risk register
Tier 2

Company scope (non-sensitive)

Flows firm-wide. Available to all users with the relevant role. Examples:
  • Supplier reliability history
  • Firm precedent on public matters
  • Normative defaults · approved playbooks
  • Project archetypes · firm extensions
Tier 3

Sensitive · access-gated

Only users with explicit access. The strictest tier. Examples:
  • Privileged communications
  • M&A / restructuring material
  • Attorney-client work product
  • Individual compensation / HR-sensitive

Implementation: per-node confidential flag · _filter_node_visibility() at read time · agent decides per call, never hardcoded whitelist. Project-centric today. Company-centric always-on agents = roadmap.

Live demo · Scope model in action

Different roles. Same graph. Different views.

In-house counsel sees the privileged clause; the QS sees the cost line; the partner sees both. Same project memory, agent-decided per-node filtering. Cognitive confidentiality, not RBAC bolt-on.

3 contributors · 3 SharePoint departments · 1 shared project graph

Each user uploads their own folder. The Vonbuild knowledge graph stitches everything together — automatically, with cognitive confidentiality.
Human-in-the-loop · ConfirmRisky

Autonomous, supervised.

An agent can analyse 10,000 documents alone. It cannot send a single binding email without your approval.
ConfirmRisky protocol

Any irreversible action waits for you.

Sending an external email · approving a financial commitment · validating an execution drawing · signing off on an EoT notification — all blocked by default until a human with the right role clicks Approve.
The decision is yours

The AI prepares. You decide.

The workforce prepares the deliverable, surfaces the evidence, flags the risk. Your validation surface stays trustworthy. Liability stays human.
Live demo · The actual modal

This is the gate. There is no other path.

No "auto-approve". No "remember my preference". No backdoor. Every binding action surfaces this modal — with the recipient, the artefact, the evidence chain. Your click is the only thing that releases it.
Audit trail

Every action, logged. Every approval, traced.

Immutable. Exportable. Designed for legal discovery and internal audit.
Per record: User · timestamp · action · model version · document hash (SHA-256) · source citations · approval chain
Format: Immutable append-only log · JSON export for discovery review platforms · CSV export for finance teams · SIEM-compatible streaming
Retention: Configurable per tenant. Default 7 years. Inherits your M365 / Workspace retention policies if you prefer.
Tamper detection: Document hashes captured at ingestion. Audit log chain-signed. Any modification of a logged entry is detectable.

audit_trail.json · sample record

{
  "record_id": "evt_2026-05-15_08:14:23_a7f4",
  "tenant": "firm.onmicrosoft.com",
  "project_id": "BR-VAR-2026-04",
  "user": "[email protected]",
  "user_role": "in-house-counsel",
  "action": "claim_file_assembled",
  "extension": "EXT-LEG-01",
  "model_version": "vonbuild/legal-1.4.2",
  "timestamp": "2026-05-15T08:14:23Z",
  "documents_processed": 412,
  "document_hashes": [
    "sha256:7a4f9c2e...",
    "sha256:c182be01..."
  ],
  "scope": "project",
  "confidential": true,
  "approval_chain": [
    { "approver": "[email protected]", "ts": "2026-05-15T09:02:11Z", "decision": "approve" }
  ],
  "exportable": true,
  "tamper_signature": "sha256:9b22fa7e..."
}
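
How a security team could check a chained export for edits, as an added example (not Vonbuild's code; the page does not document the real signing scheme). It assumes each record's `tamper_signature` is the SHA-256 of its canonical JSON plus the previous record's signature; `prev_signature`, `GENESIS`, `seal` and `verify_chain` are hypothetical names, and the events are constructed.

```python
import hashlib
import json

GENESIS = "sha256:" + "0" * 64  # assumed anchor value for the first record


def seal(record, prev_sig):
    """Chain a record to its predecessor (assumed scheme, not Vonbuild's)."""
    body = {k: v for k, v in record.items() if k != "tamper_signature"}
    body["prev_signature"] = prev_sig  # hypothetical field name
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).hexdigest()
    return {**body, "tamper_signature": "sha256:" + digest}


def verify_chain(records):
    """Return the indexes of records whose content or link fails to verify."""
    bad, prev_sig = [], GENESIS
    for i, rec in enumerate(records):
        expected = seal(rec, prev_sig)["tamper_signature"]
        link_ok = rec.get("prev_signature") == prev_sig
        if not link_ok or rec.get("tamper_signature") != expected:
            bad.append(i)
        # Carry the stored value forward so one edit does not flag every later record.
        prev_sig = rec.get("tamper_signature", "")
    return bad


def build_sample():
    """Three constructed events using field names from the sample record."""
    events = [
        {"record_id": "evt_0001", "action": "claim_file_assembled",
         "user_role": "in-house-counsel", "timestamp": "2026-05-15T08:14:23Z"},
        {"record_id": "evt_0002", "action": "approval", "decision": "approve",
         "user_role": "partner", "timestamp": "2026-05-15T09:02:11Z"},
        {"record_id": "evt_0003", "action": "export",
         "user_role": "in-house-counsel", "timestamp": "2026-05-15T09:30:00Z"},
    ]
    chain, prev = [], GENESIS
    for event in events:
        chain.append(seal(event, prev))
        prev = chain[-1]["tamper_signature"]
    return chain


if __name__ == "__main__":
    log = build_sample()
    print("intact:", verify_chain(log))
    log[1]["decision"] = "reject"  # in-place edit of a logged approval
    print("after edit:", verify_chain(log))
```

A bare hash chain only catches edits if the newest signature is held somewhere the editor cannot rewrite, since a rewritten tail re-verifies cleanly. When reviewing any chained log, ask how the chain head is anchored or signed.
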
Live demo · Cascade trace

What "every approval traced" looks like.

Master dispatched → workers spawned → tools called → consolidated output → human approval. The full graph stays in your tenant, exportable as JSON, ready for discovery.
Live demo · Event stream

The append-only log, in the app.

Every document version, every approval, every email, every agent action — timestamped to the second, immutable, hash-chained. The legal-grade chronology a dispute needs, ready before the dispute arrives.

Event stream

  • Time-bar at risk: Avenant #3 — 7 days remaining (Legal agent · May 4 · 09:14)
  • Email sent: relance livraison acier (Operations agent · May 4 · 08:42)
  • OneDrive indexed 47 documents (System · May 3 · 17:30)
  • Confirmation rejected: send claim letter (Kais Shili · May 3 · 14:08)

Each event is persisted across the Vonbuild knowledge stack: Project timeline (DB) · Project knowledge (RAG) · Company knowledge (RAG) · Project mapping (Graph) · Company mapping (Graph)
Deployment posture

Match your CIO's posture exactly.

Three levels of sovereignty. Pick the one that matches your firm's data-residency commitments.
SaaS · EU bare-metal

Tenant-resident SaaS

Vonbuild infrastructure runs on dedicated bare-metal servers physically in Germany. No US hyperscaler dependency. GDPR exclusive. No FISA Section 702.
  • Hetzner FSN1 · Auction-tier
  • Per-tenant Kubernetes isolation
  • Network policies between tenants
Hybrid · BYO-LLM

Bring Your Own LLM

Platform LLM-agnostic. Connect your own LLM keys (Claude / GPT enterprise / Azure OpenAI / a local model). No prompt leaves the perimeter you authorise.
  • Your provider, your contract
  • Zero-retention enterprise endpoints
  • Locally hosted models supported
On-premise · zero-trust

On-premise deployment

Full platform on your own servers. Air-gappable. Your data never leaves your physical infrastructure. For public-sector contracts and defence-adjacent firms.
  • K8s on your hardware
  • Internal-only network
  • Custom MCP for your in-house ERP
Live demo · BYO-LLM in action

Your model. Per-task routing. Today, not roadmap.

Pick the provider per workflow — Claude Enterprise for legal, your fine-tuned model for proprietary calculations, a local model for the most sensitive matters. Your existing model-vetting cycle carries over. No new approval gate.
The questions your IT director asks first

Short answers. Full documents in the deep-dive.

Who has access to our data at Vonbuild?

Nobody by default. Each tenant runs in an isolated Kubernetes namespace. Vonbuild engineers do not have production access to client workspaces. Any maintenance intervention requires a formal authorisation request with full logging. In BYO-LLM / on-premise mode, we physically cannot access your data.

Are prompts retained by the LLM provider?

In Pro mode, prompts go through enterprise LLM endpoints with retention/training disabled (Claude Enterprise, OpenAI ZDR, Azure OpenAI no-data-retention). In BYO-LLM / local mode, prompts never leave your perimeter. We recommend BYO-LLM for the most sensitive matters.

Is Vonbuild trained on our data?

No. Non-negotiable. None of your documents, drawings, or prompts is used to train foundation models. Your data feeds inference only. Documented in the DPA.

SOC 2 / ISO 27001?

SOC 2 Type II roadmap: targeted Q4 2026. ISO 27001 follow-on. CAIQ / SIG questionnaires answered on request. DPA ready. We don't claim certifications we don't have — but we can substantiate every control with documentation and audit logs.

What if Vonbuild ceases operations?

Your data is yours. Export all documents, extensions, knowledge graph, and audit log at any time via the export API in standard non-proprietary formats. In the event of cessation, a 90-day export window is contractually guaranteed.

EU Cloud Act / US extraterritorial reach?

SaaS deployment on EU bare-metal infrastructure, exclusive GDPR jurisdiction, no US hyperscaler dependency for storage. For absolute zero-US-reach, BYO-LLM with EU-only providers + on-premise option remove any extraterritorial exposure.

Book a technical session.

Bring your security team. We come with CAIQ, SIG, DPA, threat model, architecture diagrams. 60 minutes. No marketing slides — your governance questions, answered line by line.