Relevance is not permission. Retrieval pulls whatever is relevant to a question; it has no idea what the person asking is cleared to see. A prototype hides that on sample data. Production, on real records, is where it leaks.
Point your retriever or API client at Custosa; every record runs the conduit before the model.
Evaluates every field and chunk. Provider-agnostic.
Deterministic, role-aware policy. No model guessing; fail-closed.
PASS or REDACT per field. HIPAA, SOC 2, and SOC 1 at once.
Signed and hash-chained, then the record is dropped.
Logs you control are claims. A sealed, chained record is evidence.
Alter one entry and the whole chain breaks.
Verify it yourself, offline. No trust in Custosa required.
Verdicts only, never content. The ledger holds signed hashes, not records.
Exports as JSON for your audit pipeline (CEF and LEEF on the roadmap).
Where Custosa differs, and where it deliberately isn't a catalog or a gateway.
| Capability | Custosa | LLM gateways | Data catalogs |
|---|---|---|---|
| Inspects before the model | ✓ | sees prompts only | offline scan |
| Field-level runtime verdicts | ✓ | text only | column, batch |
| Deterministic formal policy | ✓ | keyword / LLM | metadata rules |
| Signed, hash-chained evidence | ✓ | database log | central log |
| Content-free evidence | ✓ | stores I/O | stores profiles |
| Added latency (p99) | 50 to 110 ms target | adds a model call | batch / offline |
Clinician, nurse, and researcher roles see only the fields they're cleared for. Auto-classifies FHIR R4. No weeks of schema labeling.
SR 11-7, FFIEC, and ICFR map to runtime verdicts your risk teams can evidence on demand, across banking APIs and claims.
The first question in any AI compliance review will be "did the control plane allow this?" Custosa is already in production with design partners and is expanding across new verticals.
If you're putting AI into production on regulated data, let's talk.