Trust & controls

Numbers from your data,
not the model.

Region
AWS Sydney
ap-southeast-2
Model training
Your data excluded
Contractual · DPA available
Deployment
Single-tenant on request
Customer-managed KMS
Monitoring
Vanta
Live trust page
Architecture & lineage

Architecture

Numbers from your data, not the model. AI handles structure and prose. Deterministic code computes every figure. Lineage threads through both.

Input
Your data
  • · ledger / financials
  • · JORC reports
  • · prior announcements
  • · house style guide
  • · source files / API / web
Lane A
Narrative

Structure, narrative synthesis, prose.

non-deterministic
Lane B
Data

Every number — sums, ratios, reconciliations. Validated.

deterministic
Output
Drafted document
  • Lineage on every number
  • Audit trail retained
  • Reproducible at lodge time
  • Immutable publish lock
Lineage · source · transform · calculation · display

Lineage is visible in the published draft and the drafting tools, and covers files, API calls, and web-search sources.

Lineage and audit trail

Every output retains:

  • Source attribution — file, system or URL, with timestamp.
  • Transformation history — what code ran, with what inputs.
  • Calculation chain — every number resolves to source.
  • Author and approval log.
  • Immutable publish-lock — the sent version is reproducible.

AI providers

StoriBot uses frontier AI models, including Anthropic's Claude, selected for accuracy and safety profile. The architecture is provider-agnostic — we retain optionality across vendors.

Data & access

Data residency

  • Hosted on AWS Sydney (ap-southeast-2).
  • All processing within Australian sovereign infrastructure.
  • No data leaves Australian region without explicit customer consent.

No training on customer data

  • Customer data is never used to train any AI model.
  • This commitment is contractual (DPA template available).
  • Frontier AI providers we use also contractually exclude training on API data.

Access control

  • Per-user authentication (Cognito / SSO).
  • Role-based access (draft, review, approve, publish).
  • Audit log of every access event.

Single-tenant option

For customers handling material non-public information at scale, a fully isolated instance is available with:

  • Dedicated AWS infrastructure.
  • Customer-managed encryption keys (KMS).
  • Network isolation (VPC peering or PrivateLink).
Governance & compliance

Incident response

  • 24-hour incident notification.
  • Post-incident report within 5 business days.
  • Customer-nominated security contact.
Document requests

Need our DPA, security overview, or single-tenant deployment notes?

Book a 15-minute conversation. We'll email the relevant documents within one business day.

DPA templateSecurity overviewSingle-tenant deployment notes
Book a conversation
Authorship and legal

The customer remains the author of record for all disclosed materials. StoriBot produces drafts. Your board, legal counsel, and auditors are responsible for final review, accuracy, and regulatory compliance. StoriBot is not a financial, legal, or accounting advisor.