TRUST · SECURITY · COMPLIANCE · THE VAULT
The operating axis was built to be trusted before it was built to be fast.
Aixys runs on an event-sourced memory bus. That substrate is the same surface we use for audit, access control, grounded AI, and data residency. Trust is architectural — not a badge we bolt on at the end.
- 99.982 availability · trailing 12 months · production control plane
- 34 minutes · median incident resolution
- 4 customer-data regions · US · EU · UK · APAC
- AES-256 encryption at rest · on every partition
CERTIFICATIONS · AUDITED OR IN AUDIT
What we certify against.
- SOC 2 Type II · Live. Audited annually by an independent AICPA-registered firm.
- ISO 27001 · Live. Certified scope covers the control plane, data plane and corporate.
- GDPR · Live. DPA available on request; sub-processor registry published.
- HIPAA · Available on request. BAA available for qualifying healthcare customers.
- ISO 42001 (AI) · In audit. Stage 2 scheduled for Q3 2026.
- Third-party pentest · Live. Externally tested every six months; summary report under NDA.
TRUST ARCHITECTURE · SIX PILLARS
How the vault is built.
Identity & access
Every action in Aixys carries an actor identity, and every identity is auditable in one log.
- SAML SSO with SCIM provisioning, on every plan.
- Just-in-time admin access with time-boxed grants.
- Per-actor audit trail of every event in the memory bus.
Data protection
Customer data is encrypted in flight and at rest, partitioned per tenant, and never mingled between tenants.
- TLS 1.3 on every network boundary, internal and external.
- AES-256-GCM at rest, per-tenant KMS keys, rotated quarterly.
- Zero customer data in logs, unless explicitly opted in.
Grounded AI
Every AI answer in Aixys cites the event it was derived from — and inherits the actor identity of the operator asking.
- Citations are URIs against the event stream, not strings.
- Drift budget surfaced in every AI-authored block.
- No customer data used to train foundation models, ever.
Residency & sovereignty
Customer data is pinned to the region you choose, with a documented path for regulated workloads.
- Four regional deployments: US-East, EU-West, UK, APAC.
- Data does not cross regional boundaries without explicit, logged consent.
- Private-region deployments available for enterprise contracts.
Operations & incident response
A small team, a clear runbook, and an operator-first incident posture.
- 24/7 on-call rotation; tiered S0-S3 severity model.
- Public status page, with incident post-mortems within 72 hours.
- Customers with S0-class incidents get a named IR lead within 15 minutes.
Privacy & retention
You own your data, all of it. Export is always available, retention is explicit, deletion is real.
- One-click full export in JSON + CSV formats.
- Per-collection retention policies, auditable by customer admins.
- Deletion is propagated to backups within 30 days; certificate available.
INCIDENT LEDGER · HONEST POSTURE
What we’ve broken, and how we fixed it.
We publish incidents. Not because we like them, but because customers deserve to see the posture behind the uptime number. Every S0–S2 incident gets a post-mortem within 72 hours.
- S2 · 2026-03-11 · 14:22 UTC · Degraded projection rebuild in EU-West
  - IMPACT: Dashboards in EU-West were 4-7 minutes behind for 38 minutes.
  - RESOLUTION: Rolled back the affected projection build; added a projection-freshness gauge with tighter alerting.
- S2 · 2025-11-02 · 09:41 UTC · Elevated latency on the connector gateway (US-East)
  - IMPACT: P99 latency rose from 210ms to 820ms for 19 minutes.
  - RESOLUTION: Failed over to the secondary gateway; identified a misconfigured connection pool. Pool limits are now provisioned from Terraform.
- S1 · 2025-07-19 · 22:04 UTC · Auth provider partial outage
  - IMPACT: Upstream IdP outage prevented 11% of SAML logins for 52 minutes.
  - RESOLUTION: Activated the break-glass login flow; co-published the post-mortem with the IdP.
Older incidents (pre-2025) available under NDA on request.
CONTACT · SECURITY & COMPLIANCE
Need the paperwork?
- Security inbox
For vulnerability reports and security research. We respond within one business day, and we run a coordinated-disclosure policy.
Email the security team →
- DPA & GDPR
Request our Data Processing Agreement, sub-processor registry, or EU Standard Contractual Clauses — all countersigned by our DPO.
Request DPA →
- SOC 2 & pentest
Under mutual NDA we will share our current SOC 2 Type II report, ISO 27001 certificate, and our most recent third-party pentest summary.
Request audit package →
NEXT STEP · YOUR SECURITY TEAM