Powerful automation, with you in charge of every decision that matters.
The platform is built so nothing customer-facing happens without a person, every action is permanently recorded, and people only ever get the access their role needs.
● Live now
In short
Every action — yours, your team’s, or the AI’s — is recorded to a tamper-proof trail, and nothing sensitive reaches a customer without an approval you control. Each client runs on their own isolated instance, with encrypted data that’s never used to train AI. The whole platform is built and continuously re-checked against the exact standards independent auditors certify against. In plain terms: bank-grade security you don’t have to think about.
The problem: Handing work to AI raises a fair question: what stops it — or the wrong person — doing something you’d never approve? The answer has to be built in, not bolted on.
How it works
Three things that are true across the whole platform.
1
You approve
Anything that touches a customer waits for an authorised person. It’s the core rule across the whole platform.
2
Everything’s recorded
A tamper-evident audit trail logs every action by a person or the system — and records can’t be quietly altered.
3
Least privilege
People get only what their role needs; anything extra is time-boxed, auto-expiring and audited.
Exactly what we do
What a security architect with 15–20 years would run down — and expect to see ticked off. Honest about what’s live today versus rolling out.
Standards & governance
Built to SOC 2, ISO 27001 & ISO 42001 (AI management) practices; formal certification available under enterprise agreements.
OWASP Top 10 + OWASP LLM Top 10 as the standing review baseline.
Australian-hosted — data residency in AU; dedicated instances in your region, including AWS or Azure for enterprise.
Authentication & access
JWTs algorithm-pinned to HS256 on every verify — no alg-confusion / none-alg surface.
Strict token-type isolation — session, step-up, invite and capability tokens can’t be swapped for one another.
Session epoch — leaked or old tokens are instantly invalidated on password change, reset, deactivation or sign-out-everywhere.
Step-up 2FA on sensitive actions, bound to user + session, short-TTL; org-wide 2FA policy, idle + absolute timeouts, auto sign-out.
Delegated, least-privilege RBAC — a manager can’t escalate to owner/admin; grants are scoped and time-boxed.
Just-in-time access grants with approval; single-use, HMAC-signed, expiring invite/reset links — no password ever emailed.
Data protection
TOTP secrets encrypted at rest (AES-256-GCM); recovery codes hashed.
Secrets in an encrypted per-tenant vault, never in code; card data never touches our servers (PCI-safe processors).
Per-tenant isolation — each client on their own instance with tenant-scoped data access.
Output escaping on all untrusted / DB-sourced content (stored-XSS defence).
Bearer-JWT auth → CSRF structurally N/A; the few cookies are HttpOnly, Secure, SameSite, path-scoped.
No SQL / command injection or path traversal — parameterised queries, no shell-out, path-confined uploads with magic-byte + quota + rate-limit validation.
Infrastructure & egress
Gold-standard SSRF egress guard — https-only; blocks loopback / RFC-1918 / link-local / cloud-metadata / CGNAT / IPv4-mapped-IPv6; validates every resolved address; socket-pinned (no DNS-rebind); no redirect following; fail-closed.
Production boot guards — refuses to start on a dev-fallback secret, a default admin password, or a wildcard CORS origin.
LLM spend breaker + per-tenant budget caps.
Auditability & tamper-evidence
Keyed (HMAC-SHA256) audit hash-chain, key held outside the database — every action permanently recorded and tamper-evident; right-to-erasure via re-chaining tombstones, not deletion.
Secure SDLC — how we build
Every change ships via reviewed PR + required CI gates: full test suite, dependency-CVE audit, secret scanning (gitleaks), SAST (Semgrep + custom Laruna invariant rules on every tenant-scoped query and egress path), and an AI code review.
Signed commits + provenance ledger — every deployed line traceable to its PR, author and approval. Rolling out
Integrity attestation — continuously proves each instance runs exactly the code we shipped, and flags anything foreign. Rolling out
Assurance & monitoring
Continuous automated security sweeps — scored and trended run-over-run.
External penetration test as the independent floor (a go-live gate).
Human-in-the-loop — nothing customer-facing acts without your approval.
What it means for you
Two-factor sign-inPlus an org-wide “require 2FA for everyone” option and automatic sign-out after inactivity.
Tamper-evident trailEvery action permanently recorded and exportable — nothing can be quietly changed.
Access that expiresExtra permissions are time-boxed and auto-revoke; managers can safely reset their own staff.
Australian-hostedRun in Sydney, built to the practices independent auditors certify against for security and responsible AI.
Built to the practices auditors certify against — SOC 2, ISO 27001 and ISO 42001 — and to privacy and payment-security expectations. Formal certification is available under enterprise agreements.
Control, built in
You approvecustomer-facing
Auditedtamper-evident
2FAorg-wide option
Least privilegeexpiring access
AU-hostedSydney
Automation you can actually trust.
Approvals on anything customer-facing, a tamper-evident record of everything, and access that expires — so control is built in, not hoped for.
Live now · aligned to recognised security and responsible-AI standards; certification available under enterprise agreements.
Laruna · Melbourne, Australia · All offerings · You stay in charge of the decisions that matter.