Security & data governance
Credibility you can audit
Conservative buyers trust what they can verify. TRIUP.AI makes governance visible: published-data-only by design, a human gate on every liability-bearing output, and an audit trail behind it all.
Controls
What protects your institution
Published data only
By designThe platform operates on published / commercial patent data. It never ingests an unpublished disclosure or confidential Background IP — so it is not a novelty-destruction vector by construction.
Expert sign-off (four-eyes)
Every liability-bearing artefact moves DRAFT → IN REVIEW → APPROVED. The approver must be a different, named human than the author; FTO and valuation require an ATTORNEY. Enforced server-side, not just in the UI.
Append-only audit
Who generated, submitted, approved, rejected, or exported what — and when — is written to an append-only audit log, queryable per case and per artefact. APPROVED artefacts are immutable; an edit supersedes with a new version.
Tenant isolation
Cases are scoped to your organisation; cross-org access returns not-found, never a leak. Sessions are httpOnly with hashed tokens (a database leak is not a set of live sessions).
PDPA & cross-border
In progressOffshore LLM calls are covered by PDPA s.29 standard contractual clauses; a data-residency signal is surfaced on-screen. Designed for Thai institutional compliance review.
ISO 27001 path
RoadmapCertifying ISO/IEC 27001 first, then aligning to ISO/IEC 42001 (AI management). Expert-gating is the legally validated posture (duty-of-care), not a marketing claim.
Some items above are on the roadmap and are labelled accordingly. We do not overstate posture — the same honesty rule we apply to AI output applies to our own claims.
Reviewing us for procurement?
We'll walk your security and legal teams through the data flows, the sign-off model, and the compliance roadmap.