Security & Compliance
Security is your bedrock.
Investment firms can't take chances on security, accuracy, or compliance. Bloxii is built on a simple discipline: numbers are data, never guessed; every output cites the transaction behind it; and a person on your team approves before anything leaves the building. Below is the full architecture, isolation, audit, residency, and the controls auditors and regulators expect.
Zero standing access
Even Bloxii can’t see your data.
No back door, no quiet access, no training on your records. Your data stays in the UK, runs behind one controlled gateway, and is isolated from every other firm, with a person on your team signing off on every output.
No standing access
Bloxii staff have no standing access to customer data. Any access requires audited, time-boxed, permissioned escalation, logged to the same append-only trail as every agent action. There is no quiet back door.
UK data residency on AWS London
Your data is stored and processed in the United Kingdom, on AWS London (eu-west-2). Region placement is enforced in our CI, not left to configuration.
One controlled AI gateway
Every model and retrieval call passes through the Bloxii Router: guardrails, prompt management, safety, rate limiting, caching, cost tracking, and observability. Provider-neutral, with no direct model access outside it.
Tenant isolation at three layers
Isolation runs at three layers: data, a per-tenant database with row-level security; access, scoped role-based retrieval; and infrastructure, VPC and network isolation. No shared data path between firms.
Hardened infrastructure
Secrets management, encrypted object storage and backups, monitoring and observability, and automated CI/CD. A Postgres primary, an isolated vector store, and full audit logs and history.
Private, single-tenant deployment
Firms that need it can run Bloxii single-tenant, in your preferred region, with customer-controlled data residency. The same platform on dedicated infrastructure.
Certifications & roadmap
Live, in progress, and on the roadmap.
GDPR
Built into the product from day one. UK / EU data residency, append-only audit, and customer rights honoured.
FCA-aware deployment
Deployed with FCA-aligned controls, MiFID II and AIFMD-aware reporting, human approval gates on every regulated output.
Cyber Essentials Plus
The UK government and FCA-aligned procurement baseline. Audit underway.
SOC 1 & SOC 2 Type II
Both SOC 1 and SOC 2 Type II — evidence collected from day one. The control framework enterprise buyers expect.
ISO/IEC 42001
The AI Management System standard. Pulled forward so institutional buyers can procure with it as a table-stakes requirement.
Data handling principles
Your data stays your data.
Numbers are data, never guessed
Every figure Bloxii surfaces is pulled directly from your source records, Xero, Sage, fund admin, spreadsheets. The AI never estimates, rounds, or invents a number. If the data isn’t there, the output says so rather than filling the gap.
Every output cites its transaction
Regulatory and financial outputs carry a citation back to the exact source transaction or document. Your reviewer clicks through to the underlying record before approving, no claim stands without its evidence.
Human sign-off on every output
The AI does the operational work; your team reviews and approves. Nothing is submitted, filed, or sent without explicit human approval. You keep judgment and sign-off on every output, every time.
Adversarial cross-tenant isolation
Each firm runs in an isolated environment with no shared data path between tenants. The isolation extends to the retrieval layer: Ask Bloxii can never surface a document a user isn’t permissioned to see, access is enforced at retrieval, not just at display.
No training on your data, contractual and technical
Your data never trains shared models. This is enforced both contractually, in Bloxii’s Platform Agreement and with every model provider, and technically, through stateless inference with no retention. Auditable on request.
UK residency · append-only 7-year audit
Production data stays within UK regions, contractually committed. Every agent decision, document touched, and human approval is written to an append-only log retained for seven years, inspectable by your auditors and regulators, exportable on demand.
Platform & architecture
How the platform stays trustworthy.
Grounded reasoning, not free-form generation
Bloxii builds Bloxii. Reasoning runs on a leading provider-neutral model layer, Claude for reasoning by default, but every agent is constrained to your source data. The model reasons over your records; it does not generate financial figures from its own training.
Router across providers
Bloxii’s Router directs each task to the most suitable model while holding your data-residency and no-training commitments as contractual obligations independent of any single provider. A material provider change triggers customer notification, provider independence is engineered in, not a hidden dependency.
Scoped, audited MCP access
Every agent invocation through Bloxii’s MCP endpoints is authenticated, scoped to specific capabilities, logged for audit, and bound by the same per-firm isolation as the rest of the platform. An agent has no broader reach than the team member it acts for.
Role-based access control
SAML SSO, role-based access control, IP allow-listing, and data lifecycle management are standard at every tier from launch, not gated behind an enterprise plan. Access is enforced at the data layer, including retrieval.
Regression eval harness
Every agent your Operations Engineer builds runs against a regression eval harness before changes go live. Agents are tested against known-good outputs so a tuning change can’t silently degrade accuracy on the work your firm depends on.
Enforceable, auditable commitments
Bloxii’s Security Addendum carries binding terms on data protection, access, no-training, and incident-response SLAs, aligned with SOC 2, ISO 42001, and GDPR. Independent third-party security testing is planned, external validation, not self-attestation.
AI data handling
The questions sophisticated buyers ask.
Investment firms evaluating AI vendors ask AI-specific questions that traditional compliance frameworks don't fully cover, about accuracy, isolation, and who has the final say. Here's how Bloxii answers them, plainly.
Q01
Where does our data go during agent execution?
Your data flows through Bloxii's UK or EU-hosted infrastructure to the reasoning model via authenticated APIs, is processed in transit, and is returned to Bloxii. It never crosses your contractual data-residency boundary, and it is never combined with another firm's.
Q02
Is our data ever used to train AI models?
No, enforced two ways. Contractually: Bloxii’s agreements, both with you and with every model provider, prohibit training on your data. Technically: data is processed in stateless inference with no retention. The no-training guarantee is auditable on request.
Q03
Can the AI invent a number, or surface a document we’re not allowed to see?
No on both counts. Numbers are data, never guessed, every figure is pulled from your source records and carries a citation back to the transaction behind it. And retrieval is permission-enforced: Ask Bloxii can never return a document a user isn’t entitled to access.
Q04
How are mistakes caught before they reach a regulator?
Regulatory and financial outputs cite their source data, and every output is reviewed and approved by a person on your team before it leaves the building. Behind the scenes, each agent runs against a regression eval harness so a tuning change can’t silently degrade accuracy.
Q05
Can we audit which model touched which document?
Yes. Every agent execution is written to an append-only log, model, timestamp, input source, output, and approval state, retained for seven years. The full trail is inspectable in Bloxii's admin interface and exportable for audit or regulatory review.
Q06
What if a model provider changes its terms?
Bloxii’s Router runs across providers, Claude for reasoning by default, so a single provider isn’t a single point of failure. Your residency and no-training commitments are obligations Bloxii holds independently of any provider. A material change triggers customer notification and migration if needed.