Helios control plane
Allowlist and deployment health only
Tenant approval, deployment identity, version, and heartbeat stay with Helios.
Privacy
Client data can remain inside your environment.
This page explains product data boundaries for regulated financial environments, not the website privacy notice.
Client data plane
Content and exports remain client-side
Raw messages, normalized payloads, events, timelines, exports, and secrets stay inside the client Azure environment.
App separation
Public site, product app, and partner environments are distinct
The public website, the Helios pilot app, and external partner deployments should not be treated as the same operating surface.
Why this matters for regulated clients
Banks, asset managers, hedge funds, and similar institutions need sensitive communications evidence to remain under clear custody boundaries. For regulated teams, deployment isolation matters more than allowlisting alone.
Your data stays in your environment. Helios never takes custody.
DecisionTrail runs with deployment isolation by default. No shared data layer and no message storage in Helios infrastructure.
What the product is responsible for
The product must preserve tenant-scoped auth, deployment identity, review auditability, and narrative exports inside the environment that actually owns the data.
What Helios can and cannot access
What Helios can access
- deployment identity
- system health
- required metadata
What Helios cannot access
- messages
- timelines
- exports
- decision content