Security posture
Security posture for early OpsRail evaluations.
OpsRail Command Center is designed to support low-risk pilots using synthetic, masked, or de-identified operational files before any production integration or PHI-bearing workflow.
01 · Pilot posture
Designed for low-risk evaluation.
The defaults below apply to every pilot. Production use cases that involve PHI follow a separate security review path.
No PHI required for pilot
Evaluations run on synthetic, masked, or de-identified operational files.
Manual CSV upload only
No SFTP, no API ingest, no agent installs. Files are uploaded one at a time.
No production integrations
No connections to plan, vendor, retailer, or PBM systems during evaluation.
No write-back
Read-only relative to your systems. The product does not push anything back.
Data can be deleted
Uploaded files, parsed rows, incidents, and briefs can be removed on request after evaluation.
OpenAI used only for briefs
AI is invoked only after deterministic detection, on structured incident evidence — never on raw CSVs.
02 · Current MVP architecture
Single data path. Deterministic at the core.
The product is a single web app, a single backend, and a single database. AI is downstream of the deterministic engine.
Upload
CSV files
Frontend
Next.js
Backend
FastAPI
Database
PostgreSQL
Analysis
Deterministic engine
Brief
OpenAI API
- Frontend
- Next.js · Vercel-ready deployment
- Backend
- FastAPI · Railway-ready deployment
- Database
- PostgreSQL
- AI
- OpenAI API — only for brief generation, post-detection
- Source of truth
- Deterministic incident engine
03 · What is sent to OpenAI
AI is downstream of detection.
The deterministic engine produces an incident first. Only the resulting structured evidence is used to generate a brief — never the raw CSV files.
Only structured incident evidence is sent to the model for brief generation.
Raw uploaded CSVs are not required to be sent to OpenAI.
The model is instructed not to invent unsupported facts and to stay within the provided evidence.
AI output is a communication aid. The deterministic engine remains the source of truth.
Brief output is reviewable before sharing. Reviewers should validate against the linked incident evidence before sending to executives, vendors, or retailers.
04 · Security controls for pilot
Baseline controls during evaluation.
HTTPS in transit in hosted environments
Secrets stored as environment variables, not in code
Database-backed auditability of uploads, incidents, and briefs
No-PHI pilot mode is the default evaluation path
Manual data deletion available on request
Limited user access during pilot evaluations
De-identified or synthetic data recommended for all evaluations
05 · Important limitations
What this page is — and is not.
We’d rather be explicit than aspirational. Procurement and security reviewers should treat this page as a pilot-readiness overview, not a compliance attestation.
- The MVP is not yet SOC 2 certified.
- The MVP is not yet HITRUST certified.
- Future production PHI use may require a BAA, a vendor security review, formal access controls, audit logs, retention policies, and data processing terms.
- SSO and role-based access control are not included in the no-PHI MVP.
- This page is a pilot-readiness overview — not a compliance attestation.
Procurement-light evaluation