Trust
Built to beaccountable.
Governance isn't a feature page for us — it's the architecture. What that means concretely:
Overview
Most platforms treat governance as a settings screen bolted onto a system that could work without it. Blinkin is built the other way around: isolation, review-gating and audit are load-bearing parts of the architecture, not options you switch on. Here is what that means concretely — and, where something isn't yet verified, we say so.
Architecture
Governance architecture
Feature
Your data, physically separated
Each organization runs on its own physically isolated data store. Your material is not co-mingled with another tenant's in a shared database — the separation is at the store level, not a filter on a shared one.
Feature
Hosted in the EU
The platform is hosted on European infrastructure. Login is through Auth0 organization SSO, so access follows your own identity provider.
Feature
Nothing becomes truth without review
There is a hard product boundary between reviewed Knowledge and everything pending in the Inbox. AI reads only from the reviewed side — the review gate is enforced in the product, not left to policy.
Feature
Every action on the record
Runs, approvals, edits and publications carry an audit trail. Who changed what, who approved it, and on what evidence are recorded as the work happens.
Feature
Human gates on sensitive tools
Sensitive agent tools are approval-gated: the run pauses for a human yes before it executes. Automation never quietly crosses a line you'd want to sign off on.
Feature
Model-agnostic by design
One governed AI gateway sits between your work and the model vendors, with provider-agnostic routing, retry, fallback and policy — so there's no lock-in to a single model vendor.
Posture
Certifications
PlaceholderSpec-sheet placeholders — replace with verified posture before launch.
- SSO / SAMLTo be confirmed
- GDPR postureTo be confirmed
- Backups & recoveryTo be confirmed
- Penetration testingTo be confirmed
Questions
Data handling
Is my data used to train models?
No. Your material stays in your isolated organization store and is used to answer your team's questions and run your agents — not to train models. The AI gateway routes requests to model providers; it does not turn your knowledge into training data for them.
Where is my data stored?
In your organization's own physically isolated data store, hosted on European (EU) infrastructure. It is not co-mingled with other organizations' data.
Who can see what?
Access is controlled per Space through its team, roles and rules, behind Auth0 organization SSO. Agents see only the knowledge they're scoped to, and only the reviewed Knowledge side of a Space — never pending material.
What happens when we leave?Placeholder
Export and deletion terms on offboarding are to be confirmed — we won't state a specific retention or export guarantee here until it's contractually verified. What is true today: your data lives in an isolated store, so there is a clean boundary around what is yours.
Can you show a certification?Placeholder
Not yet on this page. Our certification rows are marked "to be confirmed" until independently verified. Specific posture details (SSO/SAML, GDPR, backups, penetration testing) can be walked through in a demo.
Do sensitive AI actions run automatically?
No. Sensitive agent tools are approval-gated — a person approves the run before it executes — and every run is on the audit trail.
Next step