Data handling & security

Your evidence doesn’t have to leave your machine.

CAPAS is a deterministic gate, not a model. There is no language model in the decision and nothing to train, so your claims are never used to train anything. This page states plainly what is true today and what is still on the roadmap.

Three ways to run it

Fully local

Library (pip)

Install with pip install capas-claim-gate. The gate runs in-process on your machine; evidence never leaves it.

Fully local

MCP server

Run python3 capas_mcp.py as a local tool for your agent. Same in-process gate, no outbound calls.

Optional

Hosted API

A managed endpoint for signed certificates. Used only if you choose it; auth-gated and isolated per pilot.

The honest core: the verdict (ACCEPT / REWRITE / REJECT / HOLD) is pure local computation over the evidence fields you supply. CAPAS makes one kind of outbound call, and only if you opt in: when a payload declares source_urls for provenance verification, CAPAS fetches them to confirm they are recoverable and hash-match. Supply no URLs → no network calls in the gate path.

Buyer questions, answered straight

Is our source text used to train a model?

No. CAPAS is deterministic — there is no model in the decision path and no training step. The same payload always yields the same verdict.

Does our data leave our environment?

Not in library or MCP mode — the gate is in-process. The only exception is opt-in provenance verification (if you include source_urls, those URLs are fetched). The hosted API is used only if you send a payload to it.

How is the hosted API secured?

Certificate issuance is auth-gated (Authorization: Bearer / X-API-Key via CAPAS_API_KEY). Certificates are signed (HMAC-SHA256, content-addressed) so any tampering is detectable on verification. The certificate store path is configurable (CAPAS_DATA_DIR); retention is defined per pilot.
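How an HMAC-SHA256, content-addressed record makes tampering detectable, as an added sketch that is not CAPAS code. The page does not specify the certificate format, so the field names (id, body, sig), the canonical-JSON serialization and the key below are assumptions.

```python
import hashlib
import hmac
import json

def canonical(body: dict) -> bytes:
    # Deterministic serialization (assumed): same body always gives same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")

def issue(body: dict, key: bytes) -> dict:
    data = canonical(body)
    return {
        "id": hashlib.sha256(data).hexdigest(),                  # content address
        "body": body,
        "sig": hmac.new(key, data, hashlib.sha256).hexdigest(),  # keyed signature
    }

def verify(cert: dict, key: bytes) -> bool:
    try:
        data = canonical(cert["body"])
        cert_id = cert["id"].encode("utf-8")
        sig = cert["sig"].encode("utf-8")
    except (KeyError, TypeError, ValueError, AttributeError):
        return False  # malformed certificate
    want_id = hashlib.sha256(data).hexdigest().encode("utf-8")
    want_sig = hmac.new(key, data, hashlib.sha256).hexdigest().encode("utf-8")
    # Constant-time comparisons; both the address and the signature must match.
    id_ok = hmac.compare_digest(cert_id, want_id)
    sig_ok = hmac.compare_digest(sig, want_sig)
    return id_ok and sig_ok

def demo() -> tuple:
    key = b"constructed-demo-key"  # constructed sample, not a real secret
    body = {"verdict": "REJECT",
            "evidence_sha256": hashlib.sha256(b"constructed evidence").hexdigest()}
    cert = issue(body, key)
    # Tamper 1: change the verdict, leave id and sig untouched.
    edited = {**cert, "body": {**body, "verdict": "ACCEPT"}}
    # Tamper 2: also recompute the content address; sig still needs the key.
    rehashed = {**edited, "id": hashlib.sha256(canonical(edited["body"])).hexdigest()}
    return (verify(cert, key), verify(edited, key),
            verify(rehashed, key), verify(cert, b"wrong-key"))

if __name__ == "__main__":
    print(demo())
```

The second tamper case shows why the content address alone is not enough: anyone can recompute a SHA-256, but not the HMAC without the key. Because HMAC is symmetric, verification needs the same key that was used to sign.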

Can we run it air-gapped / on confidential records?

Yes. Run the library or MCP server inside your own environment on redacted or full records, with no source URLs, and nothing is transmitted. Pilots can begin on synthetic samples or customer-provided redacted payloads.

What about logging?

The local gate writes no telemetry. The hosted API logs are operational only and configurable per deployment; no payload content is required to be retained.

What’s true today vs roadmap

Available today

  • Fully local execution (library / MCP) — no data egress
  • Deterministic gate; no model, no training on your data
  • Signed, tamper-evident certificates (hosted)
  • API-key auth + configurable data/retention dir
  • Opt-in (not default) provenance URL fetching

Roadmap / per-pilot

  • SOC 2 / ISO 27001 — not yet certified
  • DPA & subprocessor list — defined per pilot
  • Tenant isolation & encryption-at-rest SLAs (hosted)
  • Formal data-retention & export-control terms
  • Private-cloud / on-prem managed deployment

CAPAS does not certify compliance, provide legal advice, or guarantee a security posture beyond what is stated above. It is a deterministic evidence-control layer; security terms for any hosted or managed deployment are agreed per engagement. Do not paste confidential source text into the public Gate App demo — use the library, MCP server, or an isolated pilot endpoint for sensitive material.