Compliance Center

The Shared Responsibility Model

Security and compliance are a shared responsibility between SnathAI and the Customer. This model relieves the customer's operational burden while maintaining strict regulatory control where it matters.

Customer Responsibility

"Validation of the Process"

  • Agent Logic: Validating that the agent's prompts and tools are fit for purpose.
  • SOP Enforcement: Defining who has access and how changes are approved.
  • Data Governance: Classifying data sensitivity and managing consent.

SnathAI Responsibility

"Validation of the Platform"

  • Compute Integrity: Ensuring the Lár Engine executes graphs deterministically.
  • Audit Trails: Cryptographically signing every step (HMAC-SHA256).
  • Infrastructure: Physical security of cloud regions (if using Snath Cloud).

1. SnathAI Responsibilities (The "Controls")

SnathAI operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates (for Snath Cloud).

  • Development Quality Assurance: We validate releases of the Lár Engine against our internal specifications.
  • Audit Mechanisms: We provide the technical capability to generate immutable logs (e.g., the `EnterpriseLogViewer`).
  • Security Patches: We maintain the security of the underlying container images and libraries.

2. Customer Responsibilities (The "Process")

The customer assumes responsibility and management of the "Guest Agent" (including prompts, tools, and data). Because Lár agents are programmable, the customer must validate that their specific configuration meets their regulatory needs.

  • Intended Use Validation (IUV): You must verify that the agent performs correctly for your specific use case.
  • Procedural Controls: Specialized SOPs for "Human-in-the-loop" review of agent outputs.
  • 21 CFR Part 11 Mapping: You are responsible for documenting how your use of SnathAI maps to your internal compliance matrix.

Important Legal Disclaimer

SnathAI materials are for informational purposes only and do not constitute legal advice. SnathAI provides software tools that can be configured to support compliance with regulations such as 21 CFR Part 11, EU Annex 11, and GDPR. However, compliant software does not equal a compliant process. The user is solely responsible for validating their implementation and ensuring it meets all applicable laws and regulations. SnathAI disclaims all liability for regulatory non-compliance resulting from the user's implementation or operation of the software.