Promontory
Security · How we work inside your systems

Your accounts. Your data. Revocable on a phone call.

We touch real workflows: inboxes, CRMs, SOPs, spreadsheets, the documents you do not want on the internet. The way we work reflects that. Plain English below. No compliance theater.

Ask us a security question · See the controls matrix · No NDA needed to read this page
FIG. A · SPECIMEN 01 / 01 · A standard Promontory access credential
This is what an engineer carries onto your stack. Nothing more.
ACCOUNT OWNER: CLIENT
ISSUED TO: PROMONTORY · ASSIGNED ENGINEER
SCOPE: WRITE: 3 paths · READ: 11 paths
ENVIRONMENT: CLIENT TENANT · CLIENT REGION
MFA: REQUIRED · CLIENT-ENFORCED
EXPIRY: TIME LIMITED · REVIEWED BY CLIENT
REVOCABLE BY: CLIENT, ANY TIME, ONE CLICK
AUDIT TRAIL: CLIENT-OWNED LOG · WORM
PROMONTORY · OPERATIONAL CONTROLS · NO TOKENS LEAVE YOUR TENANT
The four principles

How we operate inside a client’s stack. Four rules. No exceptions.

01

Least privilege, by default

Engineers get the narrowest access that lets the job ship. Write scopes are named, read scopes are limited to the data the workflow needs. No shared logins. No global admin keys handed across desks.

APPLIES TO EVERY ENGAGEMENT
02

Your accounts. Your data. Your tenant.

Systems run on your Anthropic, OpenAI, Gemini, or self-hosted accounts. Data sits in your storage, your region, your retention policy. We do not warehouse client data on Promontory infrastructure.

APPLIES TO EVERY ENGAGEMENT
03

Revocable on a phone call

Access is time-bounded and tied to named individuals. You can cut every credential we hold in one administrative action. No platform lock-in, no escrow, no “but our integration depends on it.”

APPLIES TO EVERY ENGAGEMENT
04

Human review at the steps that matter

Anything that sends an email, moves money, mutates a record, or speaks to a customer runs through an approval surface until you switch it off. Conservative defaults. You decide when each switch flips.

APPLIES TO EVERY ENGAGEMENT
Controls matrix
FIG. 01 · Twelve operational controls

The controls we actually enforce. In plain English.

We will not list certifications we do not hold. What we will do is tell you, control by control, how we work inside your environment and which lever is in your hand.

Area · Control · How it is enforced · Where it lives
Identity
Access via named human accounts
Each Promontory engineer gets a named seat on your IdP. No shared logins. No service accounts that outlive a project.
CLIENT-OWNED
Identity
MFA, enforced by client policy
Whatever MFA you require, we use. We do not ship our own. Hardware keys, SSO, conditional access. Your call.
CLIENT-OWNED
Scope
Least-privilege scopes, written down
Every credential ships with a written scope: read these paths, write these paths, nothing else. Pinned to a workflow.
ENGINEERED
Scope
No standing access to production
Access to live systems is granted per task and expires automatically. Routine work happens in a sandbox or shadow mode.
ENGINEERED
Data
Data stays in your tenant
Workflows read from and write to your storage. No copies on Promontory laptops, no Promontory-side data lake, no exfil.
CLIENT-OWNED
Data
Client-chosen model provider
Your Anthropic, OpenAI, Gemini, or self-hosted account. Tokens are billed to you. We do not resell inference.
CLIENT-OWNED
AI actions
Human approval for sensitive actions
Sending email, moving money, mutating a customer record, or speaking on behalf of the company always queues for review.
HUMAN REVIEW
AI actions
Conservative defaults, tunable
New workflows ship at the most restrictive useful setting. You loosen approval gates as the system earns trust.
HUMAN REVIEW
Visibility
Append-only activity log
Every AI action (prompt, tool call, output, who approved) is written to a log you own. We do not hold the only copy.
AUDIT-LOGGED
Visibility
Operator dashboard
A daily-readable view of what the system did, what it skipped, and what it queued for review. Not a marketing dashboard.
AUDIT-LOGGED
Off-ramp
One-click credential revocation
You revoke every credential we hold from your IdP, in one action, without calling us. The system fails closed.
CLIENT-OWNED
Off-ramp
Documented hand-off to your engineers
Prompts, tools, retrieval, runbook, decisions journal: all in your repo. Readable on day one without us.
ENGINEERED
CLIENT-OWNED · lever is in your hand
ENGINEERED · built into the system
HUMAN REVIEW · a person clicks before it runs
AUDIT-LOGGED · written to a log you own
Access lifecycle

Every credential we hold has a birthday and an expiry date.

FIG. 02 · Credential lifecycle · Standard
T0–T+60d
TIMELINE · CLIENT-OWNED · ANY STAGE
01 · GRANTED · T0 · day of contract · Named seat on your IdP. Scope written down.
02 · SCOPED · within 48h of T0 · Read paths and write paths bound to one workflow.
03 · ACTIVE · duration of workflow · Used only for the work. Every call audit-logged.
04 · EXPIRED · T+60d · auto · Auto-revokes at T+60 days unless renewed.
05 · REVOKED · on demand · client · You cut access. The system fails closed.
CLIENT-PULL LINE · You can revoke at any stage from your IdP. The system fails closed within 60 seconds. Audit logs remain on your storage.
PROMONTORY · CREDENTIAL LIFECYCLE · DRAWN BY HAND
What we do not do
Honest list, on request.
Available in writing.
We do not hold SOC 2 yet. We do not have a 40-page security whitepaper. What we have is a set of operational habits, written down, that we will not break to win your business.
The position, in writing · PROMONTORY · OPERATING PRINCIPLE
Still have questions

Send us your security questionnaire. We will answer it, line by line, in plain English.

Start the conversation · Email the partners directly · Response within one business day
WHAT YOU GET BACK
  • Written answers to each question
  • Sample data-handling addendum (PDF)
  • Reference clients on request
  • A working access credential to inspect
  • A no for whatever we cannot honestly do