Security
Nage is built for regulated sectors where "my model said so" isn't good enough. Every answer is source-attributed. Every mutation is cryptographically audited. Customer data can be surgically removed on request — not retrained out.
Each VARVE is a residual low-rank adapter over a frozen FACIES. IsolationIQ ≥ 0.85 guaranteed — customer A's data cannot leak into customer B's routing. Tested per injection via SEDIM-Bench.
One API call erases a VARVE's weights, anonymizes its STEMMA logs, and keeps a signed deletion proof in the audit log. No 'retrain the model and hope'. GDPR / KVKK Article 17 built into the architecture.
Every lifecycle mutation — promote, rollback, consolidation, delete — writes an event cryptographically linked to the previous one. Tampering breaks the chain visibly. Signed exports available as JSON, NDJSON, or text.
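An added example, not Nage's code or export format: a minimal hash-chained event log in Python, showing how linking each lifecycle event to the previous one makes an edit detectable. The field names, the SHA-256 construction, the all-zero genesis value and the `expected_head` parameter are assumptions made for illustration.

```python
import copy, hashlib, json

GENESIS = "0" * 64  # assumed anchor value for the first event's "prev"
FIELDS = ("seq", "action", "target")  # hypothetical event fields

def event_hash(prev_hash, body):
    # Canonical JSON so the same event always serializes to the same bytes.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()

def append(log, action, target):
    prev = log[-1]["hash"] if log else GENESIS
    body = {"seq": len(log), "action": action, "target": target}
    log.append({**body, "prev": prev, "hash": event_hash(prev, body)})

def verify(log, expected_head=None):
    """Return None if the chain is intact, else the index where it breaks."""
    prev = GENESIS
    for i, ev in enumerate(log):
        body = {k: ev[k] for k in FIELDS}
        if ev["seq"] != i or ev["prev"] != prev or ev["hash"] != event_hash(prev, body):
            return i
        prev = ev["hash"]
    # A truncated log is still internally consistent; only a head hash
    # pinned elsewhere reveals that events are missing.
    if expected_head is not None and prev != expected_head:
        return len(log)
    return None

def build_sample():
    # Constructed sample events, one per lifecycle mutation named on the page.
    log = []
    for action in ("promote", "rollback", "consolidation", "delete"):
        append(log, action, "varve-constructed-01")
    return log

if __name__ == "__main__":
    log = build_sample()
    head = log[-1]["hash"]
    edited = copy.deepcopy(log)
    edited[1]["action"] = "promote"          # in-place edit of one event
    print(verify(log), verify(edited))
    print(verify(log[:-1]), verify(log[:-1], expected_head=head))
```

Dropping events from the tail leaves an internally valid chain, so the check also compares against a head hash obtained out of band, for example from a signed export.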
Training data is stored encrypted at rest (AES-256) and sent over TLS in transit. Business tier picks EU or US region; Enterprise gets custom placement. Nage never fine-tunes FACIES on customer data — VARVE is the only write surface.
JWT + API keys (SHA-256 hashed, never plaintext). Rotate keys without downtime. IP allowlist on Enterprise. Tier-aware rate limits enforce per-minute burst caps. 2FA / SSO / SAML on Enterprise.
Merging a VARVE into FACIES is irreversible — so it requires admin approval + superadmin execution. FACIES snapshots are saved before each execution as an emergency revert. Human-in-the-loop by default for any permanent change.
Compliance roadmap
We treat security reports as a partnership. Send findings to security@nage.ai — first acknowledgment within 24 hours.
Bug bounty program launches with the SOC 2 Type II report (Q2 2027).