Invite-only preview

The secure AI back-end you don’t build or operate.

Typed records, documents, hybrid search, citation-grounded answers, and in-perimeter inference — behind one API and one declared data model, reachable both by your app and by your agents.

Start lean. Scale to compliance-grade without re-platforming.

Invite-only preview today. Self-serve and a free tier are on the way as we open access.

One model, everything derives from it

Declare your data model once.

The platform turns that one declaration into the back-end an AI product actually needs — the pieces stay in sync because they’re properties of the same model, not four systems you wire together and operate.

declare once

One declared data model

Typed records & documents
Hybrid search
Grounded RAG
MCP-native tools
Fail-closed isolation
Metered cost

Typed records and documents

Define your own record schemas — fields, validation, references, sensitivity — and write records against them. Ingest documents inline or by upload, organize them in folders, and retrieve their text and download URLs. Every write to an audited model is versioned, with optimistic concurrency.

Hybrid search, no separate vector DB

One search call spans records and documents, in keyword, semantic, or hybrid mode. Your source of truth is what’s searchable — no vector index bolted beside a database with a fragile sync job in between.

Grounded RAG out of the box

The same indexed content grounds inference: chat, retrieval over your own data, and document-scoped question answering — streamed, with citations back to the source.

MCP-native for agents

Twenty-one data-plane tools let an agent read and write your Vectros data directly over the Model Context Protocol. Vectros data-plane tools only — no web-fetch or external-search surface, by design.

Per-customer isolation that fails closed

Every data-plane resource is partitioned by an auth-derived context that fails closed; lookups never cross a context boundary. Isolation is structural — not a row-level rule one forgotten WHERE clause away from a leak. Scoped keys carry exactly the permissions you grant and no more.

Cost tracks the work you do

Credit-based and pay-as-you-go — one credit is a penny, with a generous free read allowance on every plan. You pay to write, search, store, and run inference, and only for the capabilities you turn on. You don’t pay for other tenants’ scale.

Cost tracks the work you do — see the five-tier shape and the credit model.

One substrate, two surfaces

Reach your data the way your product does — app-native and agent-native.

The same typed model, the same fail-closed isolation, and the same scoped keys are reachable two ways: by the people who use your product, and by the agents that act on their behalf. You don’t pick one — you get both over one substrate.

Your app — human-native

A working UI on day one

The default data-plane app gives you a browsable UI over your typed model immediately — records, documents, folders, search. Build your own with the React toolkit and the SDKs when you’re ready; same model, same isolation, same keys.

Your agents — MCP-native

Native tools over MCP

Vectros ships an official Model Context Protocol server. Drop one entry into your agent’s config and the model can search, read, and write your data as native tools — twenty-one data-plane tools, no web-fetch or external-search surface, by design. Isolation and scoped-key enforcement hold exactly as on the API.

claude_desktop_config.json
{
  "mcpServers": {
    "vectros": {
      "command": "npx",
      "args": ["-y", "@vectros-ai/mcp-server"],
      "env": { "VECTROS_API_KEY": "ssk_live_..." }
    }
  }
}

Search, records & RAG as tools

Hybrid search, full record/document/folder CRUD, and grounded question-answering — callable directly by the model.

Data plane only

No internet, no third-party tools. An agent reaches your tenant’s data and nothing else.

One-command credential

The CLI mints a least-privilege scoped key and merges the config for you — your root key never touches an agent.

The bridge

Start lean. Scale to compliance-grade without re-platforming.

The trap every cheap tool sets

Most cheap back-ends wall you the day you land your first real customer. The auth or database you reached for was never eligible for a BAA, or compliance arrives as an enterprise-tier jump — so you rip it out and re-platform, usually with that first customer watching.

Why there’s no wall here

Compliance is a peak of the capability surface, not a tax on the entry price. The same per-customer isolation that keeps you cheap at the bottom makes you defensible at the top — identical on every tier. When a customer needs audit history or sensitive-field handling, you turn it on. Same platform, no rewrite.

Building for regulated data? See the depth →

Where this is going

From back-end to governed agentic workflows.

The same isolated, audited, typed substrate is what governed agentic workflows run on. We run our own content and outreach operations on it today — dogfooding the agentic layer before we open it. Partner-facing agentic workflows are on the roadmap, not the price list. Start on the back-end; grow into governed agents on the same platform, no re-platform.

Runnable proof

A thing you can run beats stacked adjectives.

Pick a blueprint — one reviewable file that declares the schemas, access, and a service principal — and provision it. Then drive it from an MCP agent or the data-plane UI. No application code required.

terminal
vectros blueprint list
vectros bootstrap --blueprint agentic-sdlc

Agentic-SDLC knowledge base

Your team’s decisions, conventions, runbooks, and gotchas as one typed, hybrid-searchable system of record — recalled by your agents over MCP, browsable by your team. The blueprint we run our own engineering org on.

See how it works

Second Brain

Dump every note, idea, and link in one place — then just ask it. The widest on-ramp.

Clinical Intake

synthetic / illustrative

Structured intake that validates on the way in and surfaces the most similar prior cases by meaning. Triage and decision support — never decisioning.

See the audit trail, don’t just read about it

The version timeline made visible: who changed what, when — each row append-only and part of a tamper-evident state-continuity chain, with sensitive fields already redacted in every historical row.

Audit Historyrecord rec_8f3a · intake_case
VerActorChange
v4svc.intake-botstatus: in_review → triaged
v3dr.okaforrisk_note: ••••••••• (redacted)
v2svc.intake-botpriority: normal → elevated
v1dr.okaforrecord created · 7 fields
Illustrative — synthetic data. Sensitive fields are destroyed before they reach retained history.

The single clearest answer to “why not a general-purpose back-end?” See what you can build or read Vectros vs. rolling your own.

The invite-only journey

Reach conviction on public material before you ask for access.

1

Read the docs

The API, SDK, CLI, and MCP surface, plus the rendered spec.

2

Read the code

The reference apps and SDKs are public; read them, don’t take our word.

3

Run a blueprint

Pick one and see exactly what it provisions.

4

Request early access

The gate.

Evaluating for a regulated workload? Compliance specifics — HIPAA applicability, BAA coverage, attestation status — are available under NDA.

Honest caveats

Where the boundaries are.

What’s in place today, what’s scoped, and what isn’t built yet.

Audit history is tamper-evident, not tamper-proof.

A SHA-256 state-continuity chain makes out-of-band alteration detectable; it does not make the store physically immutable.

Reviewed, not certified.

Partner-facing surfaces have been hardened through extensive adversarial security review. We don’t hold a SOC 2 report or a third-party penetration test today — both are on the roadmap.

In-perimeter inference is scoped to the partner data plane.

Sensitive content on that path stays inside the Vectros perimeter; it isn’t a whole-platform guarantee.

You can fully delete a customer’s data.

Decommissioning a customer or a whole tenant runs a real, irreversible cascade — not a soft-delete flag. One-click erasure of a single person’s data on request (the “right to be forgotten”) isn’t built yet; it’s on the roadmap.

A bridge token is a real human step.

Provisioning a blueprint needs a developer-portal sign-in; there’s no fully unattended bootstrap.

Pricing always lives on the pricing page — never duplicated here.