Vellum systems are designed for institutional environments. Six security principles shape every engagement — from the deployment model to the audit trail. Each is non-negotiable.
Vellum systems can be deployed on your cloud, on dedicated infrastructure, on-premise, or in air-gapped environments. The deployment model is selected during the Discovery Blueprint based on your data residency, regulatory, and operational requirements.
For institutional clients with strict residency or sovereignty requirements, on-premise or private-cloud deployment is the default. We do not require data to leave your environment.
You own your data. Vellum does not retain, process, or transmit your data outside the deployment environment you specify. There is no shared multi-tenant architecture, no third-party data processor in the loop, and no implicit telemetry.
Each deployment is single-tenant. Data flows are documented in the architecture and reviewed during Discovery.
You choose the model. Vellum systems work with proprietary models (OpenAI, Anthropic, Google) where API-based deployment is acceptable, and with open-weight models (Llama, Mistral, Qwen) where on-premise inference is required.
Model selection is part of the architecture, not a vendor lock-in. Models can be swapped without rewriting the system.
For sensitive workflows, human approval gates are mandatory. The architecture supports configurable approval requirements between any two workflow stages. The reviewer sees the system context, makes a deliberate decision, and the audit trail records the choice.
No automated decision affects a sensitive outcome without explicit human sign-off.
Every action taken by the system is logged with timestamp, agent, input context, output, and any human approval associated with it. The audit trail is the operational record — what the system did, when, with what inputs, and who approved.
Retention periods, log formats, and access controls are configured to your compliance requirements.
Role-based access controls determine who can see what, approve what, and modify what. Credentials are stored using your secrets infrastructure (HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, etc.). Vellum never holds long-lived production credentials.
Scoped credentials, short-lived tokens, and the principle of least privilege are applied throughout.