Security
The AI cannot leak what it never received
Security is not a feature of Legion. It is the reason Legion exists. IAXOV was founded on the principle that governance, privacy, and legal defensibility are the only path to AI adoption at scale.
Privacy Architecture
Enforced at the data layer. Not the application layer.
Most AI platforms rely on prompt instructions to handle sensitive data. Instructions can be bypassed. Legion operates differently: sensitive data is detected and removed before it enters any AI model. This is an architectural guarantee, not a configuration option.
Mask before process
Personal information is identified across 9 categories (SSN, SIN, email, phone, address, DOB, credit card, health, salary) and masked before data enters any probabilistic workflow. Raw PII never reaches an AI model, cache, or log. Processing latency: under 5 milliseconds.
Field-level access control
Role-based policies determine which data fields are visible to which workflows. A revenue analyst cannot trigger a workflow that accesses compensation data. The request is denied before execution, not after. Every denial is logged.
Opaque participant identity
Legion never stores participant names, emails, or identifying information. All references are opaque tokens provided by the integrating system. Legion has no knowledge of who is being evaluated. The integrating system maintains the identity mapping.
Audio redaction
Voice conversations are transcribed with word-level timestamps. PII segments are identified and silenced in the audio recording before storage. The stored audio contains no identifiable information. The transcript is independently masked.
Model identity obfuscation
Which AI provider produced which output is obfuscated in all participant-facing data. Providers are referenced as Provider A, B, C, D. Real identities appear only in the internal audit trail, accessible only to authorized operators.
Audit every decision
Every governance action is recorded: every mask, every score, every routing decision, every budget check, every model exclusion. Append-only, tamper-evident audit trail with configurable retention. 18 distinct event types.
Model Governance
You control which AI models touch your data
Not all AI providers are created equal from a sovereignty perspective. Legion gives you granular control over which models are permitted, based on criteria that matter to your organization.
Country of origin
Block AI models from specific countries. Canadian federal agencies can restrict to Canadian or Five Eyes providers. EU organizations can require EU-based providers only.
License type
Restrict to commercial, open-source, or open-weight models based on your organization's AI policy. Research-only licenses are automatically excluded from production workflows.
Data residency
Enforce where your data is processed. If a provider cannot guarantee processing in your required jurisdiction, it is excluded from the routing table before selection.
Deployment Security
Your infrastructure. Your jurisdiction. No exceptions.
- Single-tenant: Dedicated compute, storage, and network. No shared infrastructure.
- Jurisdiction-locked: Data residency enforced at the infrastructure level. No cross-border data flows.
- Encrypted at rest: All data encrypted with AES-256. API keys SHA-256 hashed. Credentials vault-managed.
- Encrypted in transit: TLS 1.3 for all connections. Internal service mesh encrypted.
- No data exfiltration: Network egress restricted to configured AI providers only. All other outbound blocked.
- RBAC: Role-based access control on every API endpoint. JWT-scoped per engagement.
- Rate limiting: Per-tenant rate limiting at both network and application layers.
- Vulnerability reporting: Responsible disclosure at security@iaxov.com
Regulatory Alignment
Compliance documentation is a product feature
Every workflow execution automatically produces a 7-section compliance report. This is not an optional export. It is an integral part of every governed output.
Security questions? Let's talk.
Our team is prepared for your security review, penetration test requirements, and compliance questionnaires.