ONYX
ARCHITECTURE
Security is the architecture. Not a feature.
5 security layers | 6 compliance guardrails | 100+ trigger patterns | Zero data stored
TLS 1.3 Encryption
ACTIVE
All communications are encrypted with TLS 1.3, the current version of the Transport Layer Security protocol. No data is transmitted in plaintext at any point.
Zero Data Storage
ACTIVE
No conversation data is stored on any server. All sessions exist exclusively in the visitor's browser memory and are destroyed on close or expiry.
Input Sanitization
ACTIVE
Real-time stripping of SQL injection patterns, cross-site scripting (XSS) attempts, script tags, and control characters from all user inputs.
Prompt Injection Detection
ACTIVE
20+ attack patterns are detected and blocked, including 'ignore previous instructions', 'jailbreak', 'reveal your prompt', role manipulation, and override attempts.
PII Auto-Redaction
ACTIVE
Social Security numbers, credit card numbers, and passport number patterns are automatically detected and redacted before processing.
Rate Limiting
ACTIVE
8 messages per minute, 100 messages per session maximum. Prevents automated abuse, denial-of-service, and scraping attempts.
Session Auto-Expiry
ACTIVE
Sessions automatically expire after 15 minutes of inactivity. All data is permanently destroyed. No recovery is possible.
Compliance Guardrails
6 ACTIVE
Six active guardrails with 100+ trigger patterns block regulated language in real-time. When triggered, the AI redirects substantively — not with 'I can't help' but with a path to the right human at your firm.
SOC 2 Type II
PURSUING
Actively pursuing SOC 2 Type II certification for enterprise clients requiring formal compliance documentation.
HIPAA Compatibility
DESIGNED
Architecture designed to be compatible with HIPAA requirements for healthcare clients. Zero storage model eliminates most PHI risk vectors.
THE 6 COMPLIANCE GUARDRAILS
Each guardrail fires automatically when visitor input matches regulated patterns. The AI never guesses, never fabricates, and never crosses a compliance boundary. When triggered, it redirects the conversation substantively — building trust while protecting your license.
Investment Guarantees
ACTIVE
Blocks: Promises of returns, risk-free claims, and performance guarantees
Redirects: To a private consultation where a licensed advisor can review the prospect's complete picture
Securities Advice
ACTIVE
Blocks: Specific stock, crypto, fund, and buy/sell recommendations
Redirects: Routes to a team member who can provide personalized guidance based on goals and risk profile
Medical Diagnoses
ACTIVE
Blocks: Symptom interpretation, treatment suggestions, and medication advice
Redirects: Routes to a priority appointment with a physician for proper evaluation
Legal Counsel
ACTIVE
Blocks: Legal opinions, contract interpretation, and regulatory guidance
Redirects: Connects prospect with qualified legal professionals through the firm's network
Insider Trading / MNPI
ACTIVE
Blocks: Any discussion of material non-public information or insider tips
Redirects: Immediately stops the thread and redirects to general service inquiries
Tax Evasion
ACTIVE
Blocks: Offshore schemes, income hiding, and illegal tax strategies
Redirects: To legitimate tax planning: Roth conversions, charitable vehicles, qualified opportunity zones
Test the guardrails yourself in the live demo. Try asking for investment advice — watch what happens.
Your compliance team will want to read this.
Schedule a conversation and we will walk through the full architecture with your technical and legal teams. We are happy to execute mutual NDAs before any substantive discussion.
PEDRO SOSA CALIFORNIA