Trust · Compliance · Disclosure

How a regulator,
an auditor, or your CISO
should read us.

Plain answers to the questions you will be asked. Data residency, EU AI Act mapping, GDPR Article 22 auditability, DORA compatibility, provenance contracts, and responsible disclosure.

01

Data residency

All Helios substrates run inside European data perimeters. Customer data does not leave the jurisdiction of the deploying institution. No model weights are exported. No prompts are mined.

02

EU AI Act · Risk classification

Helios world models deployed for institutional decisions are designed against the obligations of a high-risk AI system under the EU AI Act: risk management, data governance, technical documentation, transparency, human oversight, robustness, and post-market monitoring.

03

GDPR Article 22 · Auditability

Every recommendation is traceable to the data, evidence, ontology version, and reasoning composition that produced it. No purely automated decision is made without explainable rationale at the level the regulator and the data subject require.

04

DORA compatibility

For financial sector clients, the substrate maps to DORA obligations across ICT risk management, incident reporting, resilience testing, and third-party risk. Audit artefacts are generated as a property of the runtime.

05

Provenance contracts

Every signal binds to its source. Every fact carries when it was true and when we learned it. Every decision carries the evidence and policy that justified it. Provenance is a property of the substrate, not a dashboard feature.

06

Responsible disclosure

Security researchers, auditors, and customers who discover a vulnerability are asked to contact hello@heliosbrain.com. We acknowledge within 48 hours and credit on disclosure unless requested otherwise.

Responsible disclosure

Found something?
Tell us first.

Security researchers, auditors, and customers who discover a vulnerability are asked to write to us before any public disclosure. We acknowledge within 48 hours and credit on disclosure unless requested otherwise.

security@heliosbrain.com
Audit access

Regulators
welcome.

For regulators, DPAs, internal audit teams, and customer compliance officers: technical documentation, audit logs, and a working substrate walkthrough are available on request. We do not hide behind NDAs to refuse review.

compliance@heliosbrain.com