Security & architecture

Bring us your security questionnaire. We built the product to answer it.

One codebase, two modes: managed cloud, or fully air-gapped on your hardware. Switching between them is configuration — never a fork.

Three structural commitments

Promises you can test, not policies you must trust.

No cross-tenant retrieval

Isolation enforced in the data layer, not the UI — and proven by dedicated tests that gate every release.

No training on your data

Models see your context at inference time only. Your problems and knowledge base never become training data — for anyone.

No data leaves the air gap

On-premise, a complete coaching session makes zero external network calls. Architecture, not policy.

Cloud when you want it. Local when you must.

Every external dependency has a cloud backend and a local one.

Two capabilities are local in every deployment, by design: speech-to-text runs on local Whisper, and retrieval embeddings are computed locally. Voice from your shop floor and the content of your knowledge base are never sent to a third-party speech or embedding service — in either mode.

CapabilitySolve CloudAir-gapped on-premise
Reasoning modelAnthropic Claude APILocal open-weight model
Speech-to-textLocal Whisper — on our serversLocal Whisper — on yours
Retrieval embeddingsLocal modelsLocal models
Text-to-speechElevenLabs APILocal Piper TTS
DatabaseManaged PostgreSQL (UK/EU)Local PostgreSQL, encrypted volume
File storageObject storage, encryptedLocal encrypted volume
EmailTransactional providerCustomer SMTP — or none
UpdatesContinuous, staged releasesSigned offline packages
Internet requiredYesNo — fully disconnected
0 external calls per air-gapped session Tenancy tests gate every release Voice & embeddings local in every mode
The control set

Built for the vendor security review.

The standard we hold the platform to, across both deployment modes.

Identity & access

Invitation-only accounts, TOTP two-factor with per-company enforcement, SSO (SAML / OIDC) on Enterprise. Enumeration-hardened, per-client lockout.

Authorisation

One role authority for every capability — including a content-blind operator role. The role-by-route matrix is tested on every release.

Secure operations

Containerised, non-root. Tests and dependency audits on every change, staging before production, one-command rollback. Secrets in a secrets manager — never on disk.

Assurance & compliance

A living compliance pack: posture docs, completed vendor questionnaire, DPA, sub-processor list, residency statements, incident-response plan.

Deployment

Three ways to run Solve.

Multi-tenant SaaS

Solve Cloud

Managed in UK/EU regions. Instant start — the default for most sites.

Single-tenant

Solve Private Cloud

A dedicated deployment in your chosen region — managed by us, sovereign to you.

Air-gapped

Solve On-Premise

On your hardware, installed from offline media with signed updates. For defence and export-controlled work.

We'd rather show you the architecture than describe it.

Bring your hardest questions — data flow, isolation, model behaviour, failure modes — and we'll walk the platform end to end with your engineers.

Book a technical review