Security posture
SageWM CIO is a multi-tenant SaaS. Every tenant-owned row carries a tenant identifier and is scoped by a server-side withTenant data layer — the active organization is resolved from your signed session, never from a client-supplied value. Cross-tenant data leakage is treated as a security breach, not a bug.
- Encryption in transit. TLS 1.2+ on every hop (browser↔app, app↔database, app↔queue, app↔integrated tools); no plaintext fallback.
- Encryption at rest. Disk/volume encryption on the host; highest-sensitivity values (secrets, OAuth tokens, webhook signing keys, TOTP secrets, PHI-adjacent fields) are protected by AES-256-GCM field-level encryption with a versioned envelope.
- Access control. A five-role taxonomy (Operator, Admin, Manager, Contributor, Viewer) with CIO-domain specializations. Permissions are granted as
resource.actionand checked server-side on every route and every AI tool — deny by default. UI hiding is never authorization. - Multi-factor authentication. TOTP MFA with recovery codes is available for Admin and Operator accounts.
- Audit trail. An append-only, hash-chained audit log records mutations; operators cannot edit their own trail. Audit data is retained at least 6 years (extended to 7 years for cybersecurity tenants).
AI posture
The Sage AI assistant acts only inside a customer-configured governance engine. Five binding guarantees:
- A single AI gateway egress — no direct model calls anywhere else; no client ever holds a model API key.
- No PHI or secrets reach a prompt, trace, or log. Prompt text is stored as a SHA-256 hash only.
- AI never writes to a system of record without human approval (
AiApprovalBar). - Every AI tool call enforces the calling user's RBAC and tenant — a tool the user cannot call, the AI cannot call.
- Autonomy defaults to a small, low-risk, reversible set; tenants can narrow, never widen.
Compliance
Claims are listed only when true and current.
- HIPAA posture (healthcare tenants). A Business Associate Agreement (BAA) is available at the HDPulseAI company level for healthcare-classified tenants. A lifecycle gate refuses the trial → active transition for a healthcare tenant unless a BAA is on file. PHI is handled with minimum-necessary scope, masked by default, and never written to logs, analytics, URLs, or AI prompts.
- SOC 2 / ISO 27001. Not yet claimed — these audits are not complete at launch. They are on the roadmap; this page will be updated when an independent report is issued. We do not display a compliance badge we cannot back.
Subprocessors & vendors
SageWM CIO aggregates data from your existing tools via a catalog of integrations. The connector catalog — auth mode, sync scope, and the credentials each connector stores — is documented in the integration catalog. A vendor register with per-vendor retention is maintained per the data-protection standard and available to customers under NDA.
Connector credentials (OAuth tokens, client secrets, webhook signing keys) are stored as AES-256-GCM envelopes referenced by a credential_ref — raw secrets are never persisted in plaintext, never logged, and never sent to a model.
Data residency
At launch SageWM CIO runs on a single-region shared Postgres instance (US-only posture). Tenant isolation is logical (row-level), not physical. Multi-region and per-customer residency are an explicit non-goal at launch and are on the roadmap; a customer requiring physical isolation or a dedicated region cannot be served at launch. The data-layer isolation pattern is region-agnostic so future multi-region is not blocked.
Reliability, reporting & requests
- Service status. A SHA-verified health endpoint is published after every deploy. A public status page is on the roadmap; until then, current customers can request a live status reading from support.
- DPA & BAA requests. Contact sales to request a Data Processing Agreement or a BAA for a healthcare tenant.
- Vulnerability disclosure. Report a security vulnerability to security@sageaiapps.com. We acknowledge reports promptly and coordinate remediation with responsible disclosure.
Last reviewed 2026-07-03. This page states current posture only; material changes are published here with an updated review date.