Security
Data never leaves your cloud. We run the control plane. You own the data plane. This is the foundational principle of every Worldmodel deployment, and it is non-negotiable.
Deployment tiers
We offer three deployment models, each designed for a different regulatory and operational context. Every deployment is single-tenant. There is no shared infrastructure between customers.
Tier 1: BYOC (Bring Your Own Cloud). Single-tenant deployment into your own cloud account (GCP, Azure, or AWS) via Terraform. EU regions by default. The world model, the temporal graph, the reasoning loop, and all worker actions run inside your cloud tenant. Data never leaves your account. We manage the software; you own the infrastructure.
Tier 2: Sovereign. For regulated workloads that require European sovereign cloud infrastructure, we deploy on OVHcloud, Scaleway, Outscale, or S3NS (the Google-Thales joint venture). This path is compatible with SecNumCloud qualification for customers that require it. All data remains within French or EU sovereign jurisdiction.
Tier 3: On-premise. Available for defense-adjacent and public sector clients on request. Full on-premise deployment with air-gapped options. Contact us to discuss requirements.
Technical controls
Every Worldmodel deployment includes the following controls by default. These are not optional add-ons. They are part of the platform.
Encryption at rest with customer-managed KMS keys (BYOK). You control the keys. We never have access to your data at rest.
Single sign-on via your existing identity provider. We integrate with any SAML or OIDC-compliant IdP. No separate credentials to manage.
Full audit log of every read and every worker action. Every time the model accesses data, every time a worker takes an action, every time the reasoning loop produces a conclusion, it is logged with full context, timestamped, and exportable to your SIEM.
Zero data retention on model providers. All LLM inference runs through private endpoints with zero data retention, contractually enforced. Your data is not used for training. Your prompts are not stored. This is guaranteed at the contract level, not just the policy level.
Kill switch. One button to freeze all AI workers instantly, across the entire deployment. When the kill switch is activated, every worker stops immediately. No actions in flight are completed. This is designed for the moment when you need everything to stop, and it works in seconds.
Customer-controlled rollback and data deletion. You can roll back any worker action. You can delete any data from the world model. You can export the full graph at any time. Your data is yours, and your control over it is absolute.
Certifications
We are actively pursuing the certifications that enterprise and regulated customers require.
SOC 2 Type II: in progress. Expected completion H2 2026.
ISO 27001: parallel track. We are building our ISMS from day one, not retrofitting it later.
HDS (Hébergeur de Données de Santé): for healthcare clients that require certified health data hosting.
SecNumCloud: for public sector and regulated industries. Available through our sovereign deployment tier.
The exit clause
Our architecture is designed so that ripping us out is a one-week exercise if you ever need to. The temporal knowledge graph is stored in standard infrastructure in your cloud. The data formats are documented and open. There is no proprietary lock-in on the data layer. No hostage data. No exit fees. No six-month migration project.
We believe that if we have to trap you to keep you, we don't deserve to keep you. The platform earns its place every month, or you leave.
For the full security documentation pack, including our detailed architecture diagrams, data flow documentation, and compliance attestations, write to us at contact@theworldmodelcompany.com. We are happy to walk your security team through every layer of the deployment.