Trust & Security

Honest about what's shipped.

SaiBrief is in private beta. We list controls that are actually in place today and call out the ones still on the roadmap. Visit the Trust Center for the full disclosure.

Paragraph-level citations

Every generated claim is grounded in numbered source paragraphs the user can inspect.

Encrypted in transit

All traffic to the app and the AI gateway runs over HTTPS/TLS, managed by our hosting platform.

Audit log (preview)

A client-side, session-only demo of the planned audit chain. It is not a server-side record and resets on reload.

No model training

Per our AI gateway's processor terms, customer content is not used to train models.

Role concepts (UI)

Owner / Reviewer / Approver / Executive roles are modelled in the UI. Server-side enforcement is on the roadmap.

Honest scope

The beta is not in-Kingdom, has no dedicated single-tenant deployments (workspaces share infrastructure with row-level-security isolation), and no at-rest encryption beyond provider defaults. All three are planned before GA.

Our commitment

Customer content is not used to train models.

Document text submitted to SaiBrief is sent through our managed AI gateway to Google Gemini solely to generate the requested brief. Per the gateway's processor terms, that content is not used for model training, fine-tuning or benchmarking.

PDPL alignment (roadmap)

Planned posture for general availability — not certified today.

Tenant isolation (roadmap)

Workspace isolation will land before GA. The beta is shared.

Regional residency (roadmap)

In-Kingdom hosting is on the roadmap. Today the platform hosts outside KSA.

SSO (roadmap)

SAML / OIDC and MFA are planned. The beta signs users in with magic-link email authentication.

For deeper review, visit the Trust Center.

Sub-processors, certification status, incident response, and our current disclosure register. (A downloadable DPA / MSA package is in development — not yet available.)