Trust Centre: Security
Procurement-friendly overview of ANCHOR's security posture.
- Status
- Public summary
- Version
- v1.0
- Stage
- Procurement summary - not a certification
- Last updated
- 15 June 2026
This overview summarises how ANCHOR approaches security for buyer and procurement review. It is a summary, not a certification or guarantee.
Scope of this page
This is a high-level, procurement-friendly summary of ANCHOR's security posture. It is not a security certification and does not constitute a guarantee.
Authentication and access control
- Authentication for clinic and administrator users.
- Role-aware access control for administrative functions.
- Clinic-scoped access so views remain limited to a single tenant.
Tenant isolation
ANCHOR uses multi-tenant separation with row-level security (RLS), including FORCE RLS, and request-scoped tenant context as part of its isolation model.
Audit logging
Administrative actions are recorded through audit logging and admin audit events, supporting reviewable accountability.
Metadata-only storage discipline
Storage is metadata-only by default. Raw prompt and output content are not stored in the current product doctrine.
Dependency and vulnerability management
Dependency and vulnerability (CVE) review is part of the security-audit posture. The formal security audit is a mandatory release-candidate gate before paid pilots or real clinic data.
Backup, restore, and operational resilience
Backup, restore, and operational-resilience practices, including tested restore, are being prepared as part of the same release-candidate gate. These are operational practices, not guarantees.
Incident response
An incident-response posture, including a breach and incident-response runbook, is part of the operational-resilience gate.
Secure development and change management
Changes are managed through version control and review. Secure-development and change-management practices form part of the operating posture.
What this page does not claim
This page does not claim SOC 2, ISO, or penetration-test certification unless such a certification is actually held, and it does not claim that the platform is breach-proof or secure by guarantee. Specific encryption and hosting-region details are confirmed in the security and legal documentation and any data processing agreement.
Important notice
ANCHOR helps clinics evidence responsible AI governance practices. It does not make a clinic compliant with any law or professional standard, and it does not replace veterinary judgement. These pages are prepared for transparency and solicitor review and are not legal advice.