SageWM CIO

Trust Center

Security, compliance, and data-handling posture for SageWM CIO — the AI-native advisor for Chief Information Officers. This page states what protects your tenant data in plain language. Last reviewed 2026-07-03.

Security posture

SageWM CIO is a multi-tenant SaaS. Every tenant-owned row carries a tenant identifier and is scoped by a server-side withTenant data layer — the active organization is resolved from your signed session, never from a client-supplied value. Cross-tenant data leakage is treated as a security breach, not a bug.

AI posture

The Sage AI assistant acts only inside a customer-configured governance engine. Five binding guarantees:

Compliance

Claims are listed only when true and current.

Subprocessors & vendors

SageWM CIO aggregates data from your existing tools via a catalog of integrations. The connector catalog — auth mode, sync scope, and the credentials each connector stores — is documented in the integration catalog. A vendor register with per-vendor retention is maintained per the data-protection standard and available to customers under NDA.

Connector credentials (OAuth tokens, client secrets, webhook signing keys) are stored as AES-256-GCM envelopes referenced by a credential_ref — raw secrets are never persisted in plaintext, never logged, and never sent to a model.

Data residency

At launch SageWM CIO runs on a single-region shared Postgres instance (US-only posture). Tenant isolation is logical (row-level), not physical. Multi-region and per-customer residency are an explicit non-goal at launch and are on the roadmap; a customer requiring physical isolation or a dedicated region cannot be served at launch. The data-layer isolation pattern is region-agnostic so future multi-region is not blocked.

Reliability, reporting & requests

Last reviewed 2026-07-03. This page states current posture only; material changes are published here with an updated review date.