The Pennar The Pennar
Trust & Security

Accurate, private, and entirely in your control.

A public-facing voice for your brand demands more than good answers. It demands a system that won't invent things, won't leak personal data, and never gets ahead of what you've approved.

Grounded truth, not hallucination

She answers from your knowledge — and points you to the right source when she can't.

The single biggest risk with conversational AI is a confident wrong answer. We engineer against it at every step, so the Digital Human stays inside the bounds of what you've given her.

01

Customer-approved content only

Aria draws from a knowledge base your team controls — not the open internet, not a general model's memory.

02

Retrieve, then respond

Every answer is grounded in retrieved source material at the moment of the question — current, not cached from training.

03

When she doesn't know, she says so

If the answer isn't in your approved sources, she doesn't fabricate. She says she doesn't know — and points to the right resource or hands off to a human.

04

Updates go live in minutes

Your staff edit the source and the conversation reflects it immediately. No vendor call, no retraining cycle.

A generic chatbot guesses. Aria retrieves — and when there's nothing to retrieve, she stays honest.
Privacy by architecture

Your data belongs to you.

Privacy isn't a policy bolted on afterward — it's built into how data moves through the system, or rather, how little of it moves at all.

A no-training commitment

  • Zero model training. Interaction data, transcripts, and user media are never used to train our models or third-party LLMs.
  • Transient processing. Audio and video are processed in real-time memory and purged when the session ends.
  • No personal data stored. No names, faces, or voice prints retained. Conversations are not logged without explicit consent.

Data residency & sovereignty

  • US deployments stay in the US. Data for local and government deployments is stored and processed on US-based infrastructure.
  • Regional routing abroad. International deployments keep data within its origin jurisdiction — including GDPR-aligned regions for EU users.
  • Scoped to the deployment. Each integration touches only the specific data it needs, nothing more.

Technical safeguards

  • Encryption everywhere. AES-256 at rest and TLS 1.3 in transit.
  • PII redaction. Personally identifiable information is masked before it reaches the reasoning engine.
  • Edge protection. A web application firewall guards against injection, DDoS, and prompt-injection attempts.

Safety & guardrails

  • Enterprise safety filters. The reasoning core's safety layer screens against harmful, biased, or off-topic output.
  • On-brand by design. Aria is bounded to your subject matter and tone, representing your brand professionally at all times.
  • Human hand-off. Sensitive or complex cases are routed to the right person, not improvised.
The foundation

Standards we build on.

Encryption

AES-256 at rest, TLS 1.3 in transit, across every endpoint and integration.

Edge security

Cloudflare WAF and global delivery — the same foundation used by a large share of the Fortune 500.

Access control

Each deployment is scoped to the minimum data required, with auditable, permissioned access.

We describe here what is architected into the platform today. Formal certifications (such as SOC 2) and named compliance attestations are pursued per deployment and per customer requirement — we're happy to discuss current status and roadmap directly during a pilot conversation.

A pilot, not a bet

Put it in front of your security team.

We'd rather earn trust through a scoped pilot than a sales deck. Bring your requirements — data residency, redaction, access control — and we'll show you how the deployment meets them.

Or email ram@the-pennar.com · (317) 531-2933