Enterprise overview
Architecture
ContextSage Enterprise is a Bring Your Own Hardware (BYOH) deployment. The bridge runs on your firm’s server. No document, embedding, or inference result ever leaves your infrastructure.
Browser (attorney's device) ↕ HTTPSBridge (firm's server — your hardware) ├── Gatekeeper (PHI classification) ├── Ollama (inference) ├── sqlite-vec (vector search) └── Audit log (tamper-evident)What’s included
| Feature | Status |
|---|---|
| JWT auth + RBAC (admin, attorney, paralegal, read_only) | Planned — E-1 |
| Tamper-evident audit log + export | Planned — E-2 |
| TLS deployment guide | Planned — E-3 |
| HIPAA Safe Harbor 18-identifier redaction | Planned — E-4 |
| Data retention hooks | Planned — E-5 |
| Amazon Bedrock cloud fallback | Planned — E-6 |
Three-layer moat
- Layer 1 — Zero-trust for PHI: gatekeeper inspects every prompt before any egress. Cloud routing is disabled by default. PHI never leaves uninspected.
- Layer 2 — HIPAA compliance: auth, RBAC, audit log, Safe Harbor redaction (E-1–E-6).
- Layer 3 — Domain workflows: matter isolation, cross-matter recall, deadline detection.
Get in touch
Email hello@contextsage.com with your organisation size and deployment requirements.