Trust & Data Boundaries

How Skris addresses data exposure, surveillance risk, and regulatory compliance through verifiable architectural decisions. Local enforcement, event-only audit, GDPR-aligned by design.

See Products See Use Cases

Principles

What trust means here

Most governance tools focus on what they detect. Skris focuses on where control runs and what data leaves the boundary. Without clear data-handling boundaries, the governance tool itself becomes a data exposure risk.

Local enforcement

Policy runs on the employee's device or inside your own infrastructure. Not in a vendor cloud.

Event-only audit

Audit records capture governance events — not prompt content, not user behavior.

Minimization by default

Defaults favor the least data collection needed for governance. Not comprehensive logging.

* These are architectural decisions, not configurable options.

Where processing happens

Architecture

  • Policy evaluation runs on the endpoint or inside an on-premise gateway in your infrastructure or VPC.
  • Prompt content is evaluated locally. It is not routed through Skris or any third-party cloud.
  • The central control plane distributes signed policy definitions and receives metadata-only events. It does not receive or store prompt content.
  • Full on-premise deployment is supported — including policy management and audit servers — entirely within your network boundary.

* The governance tool never becomes a secondary data exposure surface. Content stays where it originated.

Data boundaries

What Skris does not collect

Tools that store prompts or build behavioral profiles create the surveillance risk that works councils and privacy officers will push back against. Skris avoids this by design.

No prompt or document content stored, transmitted, or retained by default.

No per-user behavioral profiles. No productivity scoring, usage ranking, or individual risk scoring.

No user or machine identifiers in audit signals by default.

No clipboard, browsing history, or file system access outside defined workspace boundaries.

* Content logging is available as a configurable option for specific compliance requirements — not a default. Minimum viable governance does not require storing employee data.

Regulatory alignment

GDPR and EU governance alignment

European data protection principles are foundational constraints in the architecture, not a compliance checklist applied after the fact.

Data minimization — Art. 5(1)(c)

Audit signals carry only the violation category and timestamp. No prompt content, user IDs, or machine IDs.

Purpose limitation — Art. 5(1)(b)

Governance data serves one purpose: demonstrating policy enforcement. Not repurposed for performance management or profiling.

Storage limitation — Art. 5(1)(e)

No raw content retention by default. Metadata retention periods are configurable and documented.

Data sovereignty — Art. 44–49

On-premise and region-locked deployment. The full stack can run within a single legal territory.

Transparency — Art. 13–14

Enforcement is visible to the user. They see which category triggered and what the outcome was. No hidden monitoring.

Verification

What each audience can verify

Compliance and privacy officers

  • Default audit signals carry no personal data.
  • Purpose limitation is architecturally enforced, not just policy-configured.
  • Retention defaults and metadata schema are documented and auditable.

Works council and employee representatives

  • No individual profiling, behavior scoring, or per-user timelines.
  • Enforcement is visible to the employee at point of interaction.
  • Governance posture can be inspected before deployment.

Security leaders

  • Enforcement runs on endpoint and on-premise — not vendor cloud.
  • Trust boundary model documents what is local, what is transmitted, and what is never transmitted.
  • Coexists with existing DLP, CASB, and SIEM infrastructure.

IT and platform teams

  • Deployment options: endpoint-only, hybrid, or fully on-premise.
  • MDM/group policy compatible with rollback capability.
  • No external vendor dependency required for enforcement to operate.

Explore

See how it works in practice.

Explore the products or learn about use cases.

See Products See Use Cases