Execution Isolation
Every governed action runs against an attested boundary. Governance evaluates policies on the production origin. Hardware attestation verification uses AMD SEV-SNP — cryptographically proven end-to-end against a pinned AMD root.
Architecture, operational controls, and the actual infrastructure that powers Ardyn's attestation and governance services.
Ardyn runs on Google Cloud Platform with VPC-isolated compute, TLS termination at the edge, and hardware-backed attestation for verifiable execution integrity.
Every governed action runs against an attested boundary. Governance evaluates policies on the production origin. Hardware attestation verification uses AMD SEV-SNP — cryptographically proven end-to-end against a pinned AMD root.
All governance decisions are hashed and committed to an append-only trace. Every ALLOW, BLOCK, or ESCALATE carries a SHA-256 proof hash — independently verifiable, mathematically provable.
Every decision trace is replayable. Nine-layer Control Spine evaluation is deterministic — given the same inputs and policy, any auditor can independently reconstruct and verify the outcome.
Production infrastructure runs on cloud compute with hardware attestation capability. Axiom governance runs as a separate service on dedicated infrastructure with AMD SEV-SNP for attestation verification.
The Axiom governance service runs in an isolated compute environment. All external traffic is gated through Cloudflare with TLS termination. Hardware attestation verification (AMD SEV-SNP) is cryptographically proven end-to-end against a pinned AMD root.
Compute instances are network-isolated. The governance service listens only on internal interfaces. External ingress is gated through Cloudflare with TLS termination.
AMD SEV-SNP provides cryptographic proof of execution environment integrity — proven end-to-end against a pinned AMD root, with offline re-derivation and zero network calls for verification.
All services run with resource limits and restricted filesystem permissions. No shared writable volumes between the public-facing gateway and the governance runtime.
Continuous health monitoring across all services. The gateway health endpoint reports service status, version, and available endpoints. Degradation triggers automated response.
Nightly encrypted backups of all persistent data stores. Backups are stored with geographic redundancy. Recovery procedure documented and tested.
Ardyn does not train on customer data or sell data. Account metadata (organization name, email, billing contact) is retained per the Privacy Policy. Execution payloads are retained only for the duration of the verification window and purged thereafter.
Documented response procedures ensure every incident is detected, contained, resolved, and reported.
Ardyn is actively building toward formal compliance certifications. Current posture and roadmap:
SOC 2 Type II audit is on the roadmap. Current controls (access logging, change management, backup verification) are being formalized to meet trust services criteria.
Ardyn processes metadata only — no PII, no customer content. Data stays within the production region. DDC records are customer-owned and exportable on request.
External penetration testing is scheduled. The gateway API has been designed with input validation, rate limiting, and deny-by-default governance semantics from day one.
Want to review our architecture in detail? Contact enterprise@ardyn.ai for a technical deep-dive with our engineering team.