Does Helios need to keep client message data?

No. The intended partner architecture separates a Helios control plane from a client-owned data plane so client message content, timelines, exports, and secrets can remain inside the client deployment.

What metadata can Helios retain in that model?

Helios can retain non-content metadata such as tenant allowlisting, deployment identity, version, status, and heartbeat, while the client data plane stores the actual investigation data.

Privacy

A public funnel should not imply shared client data custody.

The website is public because buyers need to find and evaluate the product. That does not mean the product should centralize client message data inside the shared Helios environment.

Helios control plane

Allowlist and deployment health only

Tenant approval, deployment identity, version, and heartbeat stay with Helios.

Client data plane

Content and exports remain client-side

Raw messages, normalized payloads, events, timelines, exports, and secrets stay inside the client Azure environment.

App separation

Public site, product app, and partner environments are distinct

The sales funnel, the Helios pilot app, and external partner deployments should not be treated as the same operating surface.

Why this matters for regulated clients

Banks, asset managers, hedge funds, and similar institutions do not want a vendor to default into custody of sensitive communications evidence. The correct answer is deployment isolation, not just tenant allowlisting in a shared environment.

What the public site is responsible for

The public site should clearly communicate that DecisionTrail can be deployed in a privacy-safe model, explain the boundary between Helios and the client, and route qualified traffic into a sales conversation.

What the product is responsible for

The product must preserve tenant-scoped auth, deployment identity, review auditability, and narrative exports inside the environment that actually owns the data.

See DecisionTrail in Action