Designed for teams that cannot afford surprises.

Cali follows a defense-in-depth posture: how investigation data is stored, processed, accessed, logged, and monitored—aligned to enterprise security expectations for sensitive casework.

• Encryption in transit for customer connections.
• Encryption at rest for stored data, using current standards.
• Role-based access controls for users and operational roles.
• Environment segregation between non-production and production.
• Least privilege for systems, integrations, and personnel access.
• Logging and monitoring where available and appropriate to the deployment.
• Secure deployment and change-management practices for the Cali platform.

As Cali matures, we expect to align controls with common security frameworks and undergo independent assessments when appropriate. Specific controls may vary by deployment and configuration.

Investigation data spans different sensitivity classes. Cali distinguishes public on-chain data, OSINT-derived context, customer-provided materials, and generated case artifacts (structured summaries, reporting drafts, exhibits) so teams can reason about handling, access, and review expectations consistently.

• Case-context handling is scoped to what the investigation workflow requires; enterprise deployments can align minimization and retention choices to internal policy where supported.
• Customers may request export or deletion of certain investigation-level artifacts where operationally and legally permissible—constraints vary by matter and jurisdiction.
• Retention, backup, and archival behavior are configured during enterprise deployment so teams can balance investigative continuity with reducing unnecessary retention.

Formal data handling, retention, and export documentation is reviewed with legal, risk, audit, and security stakeholders during enterprise evaluations. Specific handling may vary by deployment and configuration.

The Cali Panel supports investigators; it does not make final determinations. Cali is designed so structured outputs and reporting artifacts remain reviewable, analyst-controlled, and explainable—not substitutes for professional judgment, policies, or filings.

• Cali Panels produce structured summaries, findings drafts, operational summaries, and reporting artifacts—investigators review, edit, approve, and decide what is escalated or filed.
• Analysts remain accountable for conclusions, supervisory responses, and any language used in official records.
• Where possible, Cali Panel outputs stay tied to visible case context, filters, module views, and evidence so reviewers can trace how outputs were produced.

The objective is to make investigative conclusions easier to explain and defend— never to obscure how they were reached.

Security and trust follow a shared responsibility model: Cali secures the platform and configurable infrastructure; customers govern users, access reviews, internal policies, investigation workflows, retention choices, and how evidence-linked outputs are used in their control environment.

• Cali is responsible for the secure operation of the Cali platform as deployed.
• Customers are responsible for identity and access management, periodic access reviews, segregation of duties, and aligning Cali usage with regulatory and internal control expectations.
• Enterprise teams work with Cali during evaluation to align workflow governance, logging, retention, and export behavior with procurement, security, and audit requirements where supported.

Cali Panel workflows operate on case-context the analyst is working in—scoped to what is needed for structured summaries and reporting drafts, with customer-controlled configuration where supported for approved infrastructure and credentials.

• Least-necessary case context for the requested Cali Panel workflow.
• Customer-approved providers and deployment controls where supported by the engagement.
• Workflow governance aligned to procurement, security, and information-risk review.
• Cali Panels support explanation and drafting of analyst-controlled outputs—not automated enforcement or final risk determinations.

During enterprise evaluations, Cali aligns Cali Panel data handling, logging, and configuration documentation with customer security and procurement requirements where supported. Specific behavior may vary by deployment and configuration.

Common questions from security and compliance teams

Security posture and available options may vary by deployment and customer configuration.

Cali is not a law firm, regulator, or auditor, and does not provide legal advice. Cali provides investigation infrastructure to help teams document what was reviewed, what was observed, and how structured findings were developed—customers remain responsible for judgments, filings, policies, supervisory responses, and conclusions.

• Evidence-linked summaries and review-ready documentation are intended to support audit and supervisory review—not to replace internal legal, risk, or compliance sign-off.
• Customers apply their own procedures, control frameworks, and professional judgment on top of what Cali produces.
• Cali works with customers' legal, risk, audit, and security teams during evaluation and deployment to align documentation and workflow governance with institutional expectations.

What customers can review during evaluation

Security review is not just about encryption claims. For investigation teams, the evaluation also includes how case context, structured outputs, exports, and review workflows are handled.

• Data handling and retention expectations, aligned to deployment scope where supported
• Access-control and role requirements for investigation users and operational roles
• Case-context handling for Cali Panel workflows—scoped to what the workflow requires
• Export, logging, and review requirements configured during enterprise evaluation
• Deployment configuration and customer-approved infrastructure options where supported
• Governance expectations for analyst review, edit, and sign-off before escalation or filing

Specific controls, logging depth, and infrastructure options depend on deployment scope and are configured with the customer during enterprise evaluation.