For regulated teams

The secure data, search, and AI back-end for regulated apps.

Isolated per customer, audited by default, with sensitive fields destroyed before they’re ever written to history. The isolation, audit, and sensitive-data handling a regulated product needs are native — not bolted on after your first security review.

The expectation today

Most “build fast” back-ends aren’t practically viable for protected health information. The isolation, the audit trail, and the sensitive-field handling are things you’re expected to assemble yourself — and then prove, usually in front of your first customer’s security review.

Where Vectros comes from

It comes out of building a HIPAA-grade clinical product. Per-customer isolation, redact-at-write, and a tamper-evident audit trail were design constraints from the first line of code — not retrofits. The controls aren’t a premium SKU; they’re properties of the same platform a solo developer starts on.

The architecture

Controls are native, not bolted on.

One declared data model drives validation, references, search indexing, sensitivity, and audit history — so the controls aren’t stitched across four systems you keep in sync. They’re built into the one model everything else reads from.

One model, not four systems

No separate database, vector index, sync pipeline, or audit store to keep aligned with each other.

Faster is also safer

The same primitive that ships you faster is the one that makes isolation structural and audit automatic.

A peak, not a tax

Compliance is a capability you turn on when a customer needs it — not a cost baked into the entry price.

Sensitive-data handling

Three separate mechanisms protect a sensitive field.

They operate at different points in the data lifecycle. Redact-at-write protects history; read-time masking protects live reads; search-exclusion protects retrieval — three independent guarantees, not one restated.

01

Redact-at-write

destroyed before persist

A sensitive field’s value is redacted out of the retained version history and the structured change-diff before anything lands in durable history. This is not reversible masking — it’s destruction. No scope, credential, or later request can recover it, because it was never written there.

02

Read-time masking

hidden unless the token reveals it

A token without the explicit reveal scope sees the field obscured. A token deliberately granted reveal authority sees the cleartext. This is the runtime access control on sensitive data still present in live rows.

03

Search-exclusion

never enters the index

Sensitive fields are excluded from the search index at index time — never embedded, never tokenized. No query, semantic or keyword, can surface a sensitive value or use it as a matching signal, because it isn’t in the index to match against.

The compliance & PHI story

Said plainly, and never rounded up.

Tenant isolation is enforced structurally at the data layer. Credentials are validated at the edge before any application code runs. Every public surface terminates TLS and every storage surface is encrypted at rest. The partner data-plane inference path runs inside the Vectros perimeter — the same posture on every tier.

01

Audit & version history, retained compliantly

Every write to an audited model accrues a version record — built to survive an auditor.

  • What changed, who changed it, and the prior content — with sensitive fields already redacted.
  • Deletions leave a tombstone.
  • Tamper-evident: a SHA-256 state-continuity chain makes out-of-band alteration detectable.
  • Heavy history moves to a write-once, retention-locked store (default ~7-year horizon), never silent auto-expiry.
02

Isolation as the guarantee

Every application context is a mandatory, fail-closed partition derived from the credential — never a wildcard.

  • Probing with another customer’s id returns the same “not found” as an invented id — errors aren’t a discovery channel.
  • Hybrid search inherits the same boundary.
  • Filter inputs are allow-list validated, so a crafted filter can’t break out of the tenant clause.
  • Isolation is a platform property — not row-level rules one forgotten WHERE clause from a leak.
03

Hardened by adversarial review

Partner-facing surfaces have been hardened through extensive adversarial security review.

  • The review exercised tenant isolation, scope enforcement, key construction, the edge, the authorizer, and the webhook machinery.
  • Do-not-regress constraints from that work are enforced mechanically in the codebase, so the fixes can’t silently erode.

Tamper-evident, not tamper-proof — the chain makes alteration detectable; it does not make the store physically immutable.

The boundary, drawn before you have to ask.
Compliance specifics — HIPAA terms, Business Associate Agreement coverage, attestation status — are available under NDA. Drawing the boundary ourselves is part of the trust story. Available under NDA →

The visual hero

The compliance story is something you can see.

The audit History view renders the version timeline of a record: who changed what, when, with sensitive fields redacted in every historical row. The single best answer to “why not a general-purpose backend-as-a-service?”

Audit Historyrecord rec_8f3a · intake_case
VerActorChange
v4svc.intake-botstatus: in_review → triaged
v3dr.okaforrisk_note: ••••••••• (redacted)
v2svc.intake-botpriority: normal → elevated
v1dr.okaforrecord created · 7 fields
Illustrative — synthetic data. Sensitive fields are destroyed before they reach retained history.

Proof points

Things you can actually run.

Pick a blueprint, run vectros bootstrap --blueprint <name>, then drive it through an MCP agent or the data-plane UI — zero application code.

Clinical Intake

blueprint

Structured intake that validates on the way in and surfaces the most similar prior cases by meaning — compliance-first, on healthcare home turf. Decision support, not decisioning.

Audit History view

visual hero

The version timeline made visible — who changed what, when, with sensitive fields redacted in every historical row.

Coding-Agent Project Memory

blueprint

A coding agent that remembers decisions, conventions, and gotchas across sessions — facts, episodic, and semantic memory, with no application code.

Second Brain

blueprint

Dump every note, idea, and link in one place, then just ask it — the widest, lowest-stakes on-ramp.

The same platform a solo developer starts on

Start lean. Scale to compliance-grade without re-platforming.

Same on-ramp

The isolation, audit, and sensitive-field handling above are reached from the same on-ramp a lean builder uses — one declared data model behind one API, from your own code over the SDK and CLI, or natively by an agent over MCP. The controls are a peak of that surface, not a separate product.

No wall, no re-platform

The cheap tools a team reaches for first wall them the day they land a customer who needs isolation, audit, or a BAA — at which point the price jumps to an enterprise tier, or the auth and database they chose were never eligible. Vectros is the one back-end you grow into compliance on.

That’s also the cost story — architecture, not a billing promise. See the pricing page for the current shape, or the lean on-ramp on the build-fast track.

vs. rolling your own

The back-end is the easy demo and the six-month nightmare.

Standing up a regulated AI back-end yourself means building — and then operating forever:

  • Your own database design, search cluster, embedding pipeline, isolation model, key-scoping, and audit trail — all kept compliant.
  • A bare vector index gives you similarity search and a bill, but isn’t your source of truth — so you still run a separate database and a sync pipeline beside it.
  • Vectros is the layer you don’t operate: the common case is minutes instead of months, and stays minutes, because the operating cost is ours.
Read the full comparison →

Where the boundaries are

The honest caveats.

Being precise is the pitch to this audience. Evaluate these explicitly for a regulated workload.

Audit history is tamper-evident, not tamper-proof.

The chain makes out-of-band alteration detectable; continuous automated verification isn’t part of the shipped surface.

In-perimeter inference is scoped to the partner data plane.

It’s not a whole-platform legal representation. The platform gives you a HIPAA-grade substrate; it doesn’t make your own application HIPAA-grade on its own.

You can fully delete a customer’s data.

Decommissioning a customer or a whole tenant runs a real, irreversible cascade — not a soft-delete flag. One-click erasure of a single person’s data on request (the “right to be forgotten”) isn’t built yet; it’s on the roadmap.

Reviewed, not certified.

We don’t hold a SOC 2 report or a third-party penetration test today — both are on the roadmap, and we don’t represent otherwise.

Some controls aren’t built yet.

Data residency and region-pinning, customer-managed keys, read-access logging, and configurable retention aren’t shipped today. Ask under NDA where each stands.

The agent/MCP surface has no web tools.

No web-search or web-fetch — nothing auto-scrapes, by design. Document upload through the agent is text-inline today, and a developer-portal sign-in is a real human prerequisite.

The evaluation journey

Reach conviction on public material before you ask for access.

This is an invite-only 0.x preview. For this audience, the friction is deliberate.

1

This page

The compliance story, the boundary, the proof points.

2

Docs & dev portal

The API / SDK / CLI surface, getting started, the rendered spec.

3

Public code

The reference apps and SDKs you can actually read.

4

Blueprints

The runnable proof: pick one, see exactly what it provisions.

5

Request early access

The gate.

Self-serve and a free tier are on the way as we open access. For now, access is by invitation.