Enterprise

Regulated work, with receipts.

Six ready-made law profiles — HIPAA-adjacent, COPPA, SOC 2, EU residency, solo, agency — applied at production time, not retrofitted after the fact. Every output carries a governance chip showing which profile governed it and links back to the rule. Your compliance team gets the trail. Your team stops driving the process.

Delivery receipt
Governed by: HIPAA-adjacent · evt_a7f2b1
Production: document · patient_intake_summary.md
Spec: spec_7b3c1e · approved 2026-04-17T14:02Z
Gates passed: phi_scan · min_necessary · readability · citations_present
Rules applied: hipaa.phi_detection · hipaa.access_audit · hipaa.retention_7yr
Model: kimi-k2.5 via openrouter
Cost: $0.0124
Audit entry: /law/audit/evt_a7f2b1
WHAT ENTERPRISE GETS

Five things your compliance team will actually ask for.

A chain of custody your compliance team can read
Receipts on every output, versions pinned forever, governance chips that link to the rule. Every production is traceable end to end — from brief to delivery, from rule to evidence. You stop assembling the evidence trail.
Residency you can verify
EU-only data paths available as a profile; the chip on every output shows which region handled it. Data residency is a setting, not a request ticket.
Access controls that match your org chart
SSO (SAML 2.0), SCIM 2.0 provisioning, role-based permissions, and approval queues per Studio. Scope every action to the smallest necessary role.
A cost model your finance team can model
Token budgets per project, alerts before overage, and a usage dashboard that maps to your chart of accounts. Pre-flight quotes on every production — no surprise burn.
BYOK when you need it
Bring your own provider keys at the Enterprise tier. Your relationship with OpenAI, Anthropic, Google, and every other provider stays yours — Accentor orchestrates, you pay the underlying bill directly.
LAW PROFILES

Six profiles, ready on day one.

HIPAA-adjacent
PHI detection on all outputs, encryption-at-rest verification, access audit per asset, minimum-necessary routing, 7-year audit retention. For healthcare-adjacent organizations that need defensible AI output.
COPPA
No external data collection, parental-consent workflows, age-gating, strict language filter, no behavioral ads, minimal retention, DSR support. For edtech and children’s platforms.
SOC 2 hygiene
Vulnerability scanning, 2-approval on production, quarterly access review, change-management evidence, incident response plan, encryption, audit log retention. For SaaS companies preparing for SOC 2 Type II.
EU residency
Data stays in EU, DSR support, EU-only model providers, retention limits, audit log, provider selection gated by region. For companies under GDPR.
Solo default
Cost ceiling per day, 90-day retention, own-data-only, no-publish-without-receipt. For individual consultants who need a light governance baseline.
Agency default
Team-approval on published work, brand-token fidelity gate, PII scan, quarterly audit export. For agencies serving multiple clients.
Clone any profile to create a custom one. Add or remove rules. Scope by project, team, or tag.
CHAIN OF CUSTODY

Addressable, append-only, exportable.

Brief → Spec (approved) → Generation → Gates (13 patch + type-specific) → Delivery → Receipt → Law audit (append-only, forever)

Every step writes an event. Every event is addressable by URL (/law/audit/evt_a7f2b1). Every event shows actor, subject, rule, outcome, and evidence. The log is append-only. There is no separate compliance review step — the chain of custody is the compliance review.

SECURITY & RESIDENCY

The short list.

  • Data residency: US, EU, APAC — your choice at tenant creation. Model providers filter accordingly.
  • Encryption: TLS in transit, AES-256 at rest, HMAC-signed audit entries.
  • Access: SSO (SAML 2.0) and SCIM 2.0 provisioning on Enterprise. Role-based permissions at workspace, project, and output level.
  • Retention: configurable from 30 days to indefinite. Audit log retained indefinitely by default.
  • BYOK: bring your own OpenRouter, FAL, Together, Model Studio, or Cerebras keys. Accentor bills only the orchestration fee.
  • Infrastructure: hosted on SOC 2 Type II infrastructure (Railway + Supabase, audited quarterly).
What we won't claim
Accentor is not SOC 2 certified as of this writing. The SOC 2 law profile implements SOC 2 controls on your outputs — it does not represent a third-party attestation of Accentor's infrastructure. Our own SOC 2 Type II is in audit; we'll publish the report when it's signed.
INFRA STUDIO

Your infra changes, audited the same way.

Accentor's Infra Studio treats every deployment like any other production — with a spec, a plan diff, gates, a rollback point, and a receipt. Scale a service. Promote a change. Roll back from the pinned snapshot. The chain of custody captures all of it.

Plan diff · productionplan_de92c1
+ service.orchestrator.replicas: 3 → 5
- env.LEGACY_FEATURE_FLAG: "true"
  service.memory.image: accentor/memory:v2.4.1 (unchanged)
7/7 gates passed · plan_valid · no_secrets_exposed · cost_delta_ok · rollback_captured · rls_preserved · services_healthy · audit_logged
PROCUREMENT

Through procurement in 2–4 weeks.

Getting Accentor through procurement:
  • SOC 2 Type II readiness letter available; full Type II audit in progress — talk to us for status
  • DPA pre-signed and editable
  • HIPAA-adjacent profile with BAA discussion on request — talk to counsel about covered-entity fit
  • Security questionnaire responses on file (SIG Lite, CAIQ, VSA)
  • Custom SLA available at Enterprise tier
  • Dedicated Slack channel with our founding team
Typical procurement cycle: 2–4 weeks. We've done this before.

Talk to us

We're a small, senior team. No BDRs. No “book a demo” funnels. You will speak to an engineer on the first call.