Your infrastructure or ours
Enterprise tier deploys into your VPC or on-prem. No client data leaves your perimeter. Lower tiers run on TapeOps-managed infrastructure in the EU.
Regulated jurisdictions. Audit-grade logging. Deploy inside your perimeter or ours. Every control designed to answer the question a regulator will ask before they ask it.
TapeOps runs in the regulated jurisdictions where you operate. We treat your book the way you treat it — quietly, precisely, and with the audit trail your compliance team will actually defend.
Enterprise tier deploys into your VPC or on-prem. No client data leaves your perimeter. Lower tiers run on TapeOps-managed infrastructure in the EU.
TLS 1.3 for all wire traffic. AES-256 for data at rest. Keys managed per-tenant; Enterprise can bring their own KMS.
Role-based access down to the route and column. Single sign-on via Okta, Azure AD, or any SAML 2.0 provider. MFA enforced by default for production tenants.
Type I audit Q4 2026; Type II on the 2027 roadmap. ISO 27001 follows. Your auditors get a clean package — we’ve already answered their questions.
Every operational control in TapeOps is designed around the five questions a regulator opens a file with. Not a compliance afterthought — the design brief itself.
Daily rollup at symbol · book grain for slippage, rejection rate, latency. Any systematic asymmetry fires an alert the CRO sees before a regulator does.
Every A-vs-B decision writes { client_id, decision, classifier_version, feature_vector, timestamp } to an append-only log. Reproducible for years.
All quoting references an external aggregated mid. Deviations are logged. Stop-hunting doesn’t happen here, and the audit trail proves it.
Disparate-impact tests run per classifier retrain. Results persisted. If a protected class is systematically routed differently, the retrain is blocked.
Top-5-client revenue share is a first-class KPI on the dashboard. If it crosses 40%, the Anomaly Narrator surfaces it before the complaint does.