Back to Trust Centre

Trust Centre: Security

Procurement-friendly overview of ANCHOR's security posture.

Status
Public summary
Version
v1.0
Stage
Procurement summary - not a certification
Last updated
15 June 2026

This overview summarises how ANCHOR approaches security for buyer and procurement review. It is a summary, not a certification or guarantee.

Scope of this page

This is a high-level, procurement-friendly summary of ANCHOR's security posture. It is not a security certification and does not constitute a guarantee.

Authentication and access control

  • Authentication for clinic and administrator users.
  • Role-aware access control for administrative functions.
  • Clinic-scoped access so views remain limited to a single tenant.

Tenant isolation

ANCHOR uses multi-tenant separation with row-level security (RLS), including FORCE RLS, and request-scoped tenant context as part of its isolation model.

Audit logging

Administrative actions are recorded through audit logging and admin audit events, supporting reviewable accountability.

Metadata-only storage discipline

Storage is metadata-only by default. Raw prompt and output content are not stored in the current product doctrine.

Dependency and vulnerability management

Dependency and vulnerability (CVE) review is part of the security-audit posture. The formal security audit is a mandatory release-candidate gate before paid pilots or real clinic data.

Backup, restore, and operational resilience

Backup, restore, and operational-resilience practices, including tested restore, are being prepared as part of the same release-candidate gate. These are operational practices, not guarantees.

Incident response

An incident-response posture, including a breach and incident-response runbook, is part of the operational-resilience gate.

Secure development and change management

Changes are managed through version control and review. Secure-development and change-management practices form part of the operating posture.

What this page does not claim

This page does not claim SOC 2, ISO, or penetration-test certification unless such a certification is actually held, and it does not claim that the platform is breach-proof or secure by guarantee. Specific encryption and hosting-region details are confirmed in the security and legal documentation and any data processing agreement.

Important notice

ANCHOR helps clinics evidence responsible AI governance practices. It does not make a clinic compliant with any law or professional standard, and it does not replace veterinary judgement. These pages are prepared for transparency and solicitor review and are not legal advice.