Aristo — Trust, Security & Governance

Everything a security, procurement, or IT reviewer needs, in one place. Aristo is a warm companion, not a watchtower — and every claim here is one we can defend. We state plainly what is in place today and what is in progress, never a certification we don't hold.

Security posture

What's in place today, what's in progress, and what's available on request — the procurement-ready picture.
🕊️ Our honesty rule: Aristo is young. We will not claim SOC 2 "certified" until it is. "In progress" means exactly that — with our current posture and roadmap shown so you can assess risk today.

Data handling — in place today

No training on your data✅ In place
Your content is used only to produce your result, then dropped. Never used to train any model, never leaves the compliant AI boundary. AI calls are stateless and per-request.
Consent on every action✅ In place
Aristo never sends, books, or changes anything on its own. Every action is an explicit button-press by the user (on-behalf-of).
Least-privilege, on-behalf-of✅ In place
The do-it-with-me skills run AS each user (OBO) with minimal scopes. Aristo holds no standing tenant-wide mailbox access.
Tenant data isolation✅ In place
Each customer's state is partitioned per-tenant (Cosmos partition key) and queried only by that tenant id.
Encryption in transit & at rest✅ In place
TLS everywhere; data at rest encrypted by Azure-managed keys. Customer-managed keys planned for the top tier.
Aggregate-only — five or more people✅ In place
Manager/admin views are aggregate — shown only for five or more people, never who-did-what. We keep only minimal per-user operational state (to message you + count your own wins) — no leader-facing activity trail. Opt-out + deletion honored.
SIEM / audit-log export✅ In place
The aggregate governance ledger exports to your SIEM (Sentinel/Splunk) as JSON or CSV — /api/audit/export.

Certifications & enterprise controls — in progress

SOC 2 Type II / ISO 27001🟡 In progress
Not yet certified (we're early). Controls are being implemented; an independent penetration test + CAIQ/SIG-Lite are planned. Current posture available now.
SSO (SAML/OIDC) + SCIM🟡 In progress
Sign-in to the admin console is via Microsoft Entra today; full SAML/OIDC + SCIM provisioning is on the near-term roadmap.
Data residency / EU boundary🟡 In progress
Hosted in a named Azure region; EU Data Boundary support and tenant-selectable residency are planned for regulated/EU buyers.
GDPR — DPA, DPIA, DSAR🟡 In progress
A Data Processing Agreement is available; a DPIA template, lawful-basis statement, and right-to-erasure (DSAR) flow are in progress.
Accessibility — WCAG 2.2 AA / VPAT🟡 In progress
Built mobile-first and high-contrast; a formal WCAG 2.2 AA conformance audit + VPAT are planned.
BCP/DR + uptime SLA🟡 In progress
Running on Azure Container Apps with managed availability; a formal RTO/RPO + uptime SLA + incident-response commitment are being documented.

On request

Sub-processor list📋 On request
Microsoft Azure (hosting, Graph) + the AI model providers (OpenAI/Anthropic via compliant endpoints). Full list + DPAs on request.
Graph permission blast-radius📋 On request
The exact scopes Aristo requests, why, and a frank "what a compromise could expose" statement — provided for your security review.

The Graph scopes Aristo uses (and why)

Least-privilege, each explained at consent. Delegated scopes act only as the signed-in user; app-only scopes are read-only and, for mail, hard-scoped by an Exchange policy.
As the user (OBO, delegated): User.Read (who you are) · Mail.Read + Mail.Send (draft & send YOUR reply, only on your press) · Calendars.Read (prep your next meeting).

App-only (admin-consented, scoped): Reports.Read.All (who has Copilot but isn't using it — the cold cohort) · Mail.Read restricted by an Application Access Policy to only the mailboxes in scope · ServiceMessage.Read.All (Message Center, for the tenant Capability Radar). Each is the minimum for its job.

Governance ledger

Care, not surveillance — the aggregate record of how Aristo behaves, and the lines it will never cross.
Tasks done with explicit consent
Nudges today (under the cap)
Opt-outs honored
People Aristo has met
Sign in to your Aristo workspace (or open the demo) to see live aggregate numbers for a tenant. The guarantees below always apply.
No pressure, ever
At most 1 proactive message per person per day, with a cooldown between them. One word — "stop" — silences Aristo instantly and permanently, no friction.
Every action is consented
Aristo never sends an email, books, or changes anything on its own. It drafts and offers; the user presses the button. Nothing happens without an explicit, in-the-moment yes.
Least privilege
Read-only, scoped permissions. The do-it-with-me drafting runs as each user (on-behalf-of) — Aristo never holds tenant-wide mailbox access, and asks only for what a given action needs.
No training on your data
Your content is processed transiently to produce a result, then dropped. It is never used to train models and never leaves the compliant boundary of the AI service.
Aggregate only — by design
Manager and admin views are aggregate — shown only for five or more people, showing health and never "who did what." The only per-person data we keep is the minimal operational state needed to reach you in Teams and count your own wins — never a leader-facing activity trail — and it is opt-out and deletable.

What Aristo deliberately does not keep

The Aristo covenant →Where your answers go →Privacy policy →

Questions for security review? A full DPA, sub-processor list, and SOC 2 status are available on request — hello@phoenixhalo.com. A PhoenixHalo product.