Technical and Organisational Measures

A contract-adjacent summary of ANCHOR's technical and organisational measures.

Status: Public summary
Version: v1.0
Stage: Contract-adjacent summary - agreement controls
Last updated: 15 June 2026

This summary describes ANCHOR's technical and organisational measures at a high level for review. It is a contract-adjacent summary; the signed agreement and any data processing agreement control.

Access control

Access to ANCHOR functions is controlled and role-aware, with administrative functions gated accordingly.

Authentication

Clinic and administrator users authenticate before accessing clinic-scoped surfaces.

Tenant isolation

Clinic data is separated by tenant, with request-scoped tenant context applied to access.

Row-level security (RLS) and FORCE RLS

Multi-tenant separation uses row-level security, including FORCE RLS, as part of the isolation model.

Audit logging

Administrative actions are recorded through audit logging and admin audit events for reviewability.

Metadata-only storage discipline

Storage is metadata-only by default; raw prompt and output content are not stored in the current doctrine.

Backup and restore

Backup and tested-restore practices are being prepared as part of the operational-resilience gate. They are operational practices, not guarantees.

Retention and deletion

Retention and deletion are summarised on the Data Retention and Offboarding pages and are subject to the agreement and data processing agreement.

Incident response

An incident-response posture, including a breach and incident-response runbook, is part of the same gate.

Dependency and vulnerability management

Dependency and vulnerability (CVE) review forms part of the security-audit posture.

Secure development and change management

Changes are managed through version control and review, supporting secure-development and change-management practices.

Subprocessor management

Subprocessors are summarised on the Subprocessors page. The signed data processing agreement and customer agreement control subprocessor use.

Operational resilience and business continuity

Operational-resilience and business-continuity practices are part of the release-candidate gate before paid pilots or real clinic data.

Personnel, founder, and operator access

Operator access is limited to what is needed to run and support the platform. Founder and operator access follows the same metadata-only discipline.

What this page is not

This is a contract-adjacent summary only. It is not a SOC 2 report, an ISO certification, a penetration-test report, or a security guarantee. The agreement and any data processing agreement control the final contractual technical and organisational measures.

Important notice

ANCHOR helps clinics evidence responsible AI governance practices. It does not make a clinic compliant with any law or professional standard, and it does not replace veterinary judgement. These pages are prepared for transparency and solicitor review and are not legal advice.