Technical and Organisational Measures
A contract-adjacent summary of ANCHOR's technical and organisational measures.
- Status: Public summary
- Version: v1.0
- Stage: Contract-adjacent summary - agreement controls
- Last updated: 15 June 2026
This summary describes ANCHOR's technical and organisational measures at a high level for review. It is a contract-adjacent summary; the signed agreement and any data processing agreement control.
Access control
Access to ANCHOR functions is controlled and role-aware, with administrative functions gated accordingly.
Authentication
Clinic and administrator users authenticate before accessing clinic-scoped surfaces.
Tenant isolation
Clinic data is separated by tenant, with request-scoped tenant context applied to access.
Row-level security (RLS) and FORCE RLS
Multi-tenant separation uses row-level security, including FORCE RLS, as part of the isolation model.
Audit logging
Administrative actions are recorded through audit logging and admin audit events for reviewability.
Metadata-only storage discipline
Storage is metadata-only by default; raw prompt and output content are not stored in the current doctrine.
Backup and restore
Backup and tested-restore practices are being prepared as part of the operational-resilience gate. They are operational practices, not guarantees.
Retention and deletion
Retention and deletion are summarised on the Data Retention and Offboarding pages and are subject to the agreement and data processing agreement.
Incident response
An incident-response posture, including a breach and incident-response runbook, is part of the same gate.
Dependency and vulnerability management
Dependency and vulnerability (CVE) review forms part of the security-audit posture.
Secure development and change management
Changes are managed through version control and review, supporting secure-development and change-management practices.
Subprocessor management
Subprocessors are summarised on the Subprocessors page. The signed data processing agreement and customer agreement control subprocessor use.
Operational resilience and business continuity
Operational-resilience and business-continuity practices are part of the release-candidate gate before paid pilots or real clinic data.
Personnel, founder, and operator access
Operator access is limited to what is needed to run and support the platform. Founder and operator access follows the same metadata-only discipline.
What this page is not
This is a contract-adjacent summary only. It is not a SOC 2 report, an ISO certification, a penetration-test report, or a security guarantee. The agreement and any data processing agreement control the final contractual technical and organisational measures.
Important notice
ANCHOR helps clinics evidence responsible AI governance practices. It does not make a clinic compliant with any law or professional standard, and it does not replace veterinary judgement. These pages are prepared for transparency and solicitor review and are not legal advice.