Four principles.
No caveats.
These are not aspirational statements drafted for a careers page. They are the specific positions we hold — and they shape every product decision, every commercial decision, and every design choice.
Security is not a differentiator.
Every security feature — SSO, MFA with phishing-resistant options including passkeys and FIDO2, comprehensive audit logging with 10-year retention, tenant isolation, and encryption at rest and in transit — is available to every customer on every plan. There are no security-gated tiers.
The burden of securing the platform rests with us, not with you. We built Standard Intelligence in accordance with NCSC Secure by Design principles. We take ownership of your security outcomes. We have chosen to make this commitment irrevocable by design: our pricing architecture cannot create a security-as-premium-feature dynamic, because the feature parity is baked into the plan structure and we intend to keep it that way.
Regulation should be legible.
The EU AI Act is 144 pages. Cross-referencing Articles, Annexes, and recitals is the platform's job — not yours. Every questionnaire section, every output field, and every gap analysis finding traces back to a specific regulatory obligation. We surface the requirement ID, the Article, and the Annex section next to every piece of content.
We do not abstract the regulation away. We do not produce a "compliance score" that obscures what is actually missing. We make the regulation navigable — and we leave you and your legal advisors in full view of what the platform is doing and why.
AI assistance, honestly bounded.
The AI Regulatory Navigator is advisory. It says so — clearly, persistently, and in a way that cannot be dismissed. Every citation it produces is validated against the EU AI Act corpus before it reaches you; fabricated references are automatically suppressed and the response regenerated. The formal risk classification is a separate, user-driven step.
We designed this distinction deliberately. The consequences of over-reliance on AI-generated regulatory assessments are real: incorrect classifications, missed obligations, and documentation that does not survive scrutiny. The Navigator is a powerful starting point. It is not a substitute for your legal and compliance team's judgement.
Your data stays in Europe.
The platform runs on AWS eu-central-1 in Frankfurt. All LLM inference uses the Anthropic EU endpoint (api.eu.anthropic.com). A GDPR Article 28 Data Processing Agreement is in place with Anthropic. The embedding model pipeline is under active evaluation for EU endpoint confirmation; we will not move to production on any component without a confirmed GDPR Article 28 DPA.
EU data residency is not a premium feature, a configuration option, or a checkbox on a sales proposal. It is the default, and it is the only option. We are a compliance platform. We hold sensitive AI governance documentation. We hold ourselves to the same standard we help you meet.