For regulated teams
The secure data, search, and AI back-end for regulated apps.
Isolated per customer, audited by default, with sensitive fields destroyed before they’re ever written to history. The isolation, audit, and sensitive-data handling a regulated product needs are native — not bolted on after your first security review.
The expectation today
Most “build fast” back-ends aren’t practically viable for protected health information. The isolation, the audit trail, and the sensitive-field handling are things you’re expected to assemble yourself — and then prove, usually in front of your first customer’s security review.
Where Vectros comes from
It comes out of building a HIPAA-grade clinical product. Per-customer isolation, redact-at-write, and a tamper-evident audit trail were design constraints from the first line of code — not retrofits. The controls aren’t a premium SKU; they’re properties of the same platform a solo developer starts on.
The architecture
Controls are native, not bolted on.
One declared data model drives validation, references, search indexing, sensitivity, and audit history — so the controls aren’t stitched across four systems you keep in sync. They’re built into the one model everything else reads from.
One model, not four systems
No separate database, vector index, sync pipeline, or audit store to keep aligned with each other.
Faster is also safer
The same primitive that ships you faster is the one that makes isolation structural and audit automatic.
A peak, not a tax
Compliance is a capability you turn on when a customer needs it — not a cost baked into the entry price.
Sensitive-data handling
Three separate mechanisms protect a sensitive field.
They operate at different points in the data lifecycle. Redact-at-write protects history; read-time masking protects live reads; search-exclusion protects retrieval — three independent guarantees, not one restated.
Redact-at-write
destroyed before persist
A sensitive field’s value is redacted out of the retained version history and the structured change-diff before anything lands in durable history. This is not reversible masking — it’s destruction. No scope, credential, or later request can recover it, because it was never written there.
Read-time masking
hidden unless the token reveals it
A token without the explicit reveal scope sees the field obscured. A token deliberately granted reveal authority sees the cleartext. This is the runtime access control on sensitive data still present in live rows.
Search-exclusion
never enters the index
Sensitive fields are excluded from the search index at index time — never embedded, never tokenized. No query, semantic or keyword, can surface a sensitive value or use it as a matching signal, because it isn’t in the index to match against.
The compliance & PHI story
Said plainly, and never rounded up.
Tenant isolation is enforced structurally at the data layer. Credentials are validated at the edge before any application code runs. Every public surface terminates TLS and every storage surface is encrypted at rest. The partner data-plane inference path runs inside the Vectros perimeter — the same posture on every tier.
Audit & version history, retained compliantly
Every write to an audited model accrues a version record — built to survive an auditor.
- What changed, who changed it, and the prior content — with sensitive fields already redacted.
- Deletions leave a tombstone.
- Tamper-evident: a SHA-256 state-continuity chain makes out-of-band alteration detectable.
- Heavy history moves to a write-once, retention-locked store (default ~7-year horizon), never silent auto-expiry.
Isolation as the guarantee
Every application context is a mandatory, fail-closed partition derived from the credential — never a wildcard.
- Probing with another customer’s id returns the same “not found” as an invented id — errors aren’t a discovery channel.
- Hybrid search inherits the same boundary.
- Filter inputs are allow-list validated, so a crafted filter can’t break out of the tenant clause.
- Isolation is a platform property — not row-level rules one forgotten WHERE clause from a leak.
Hardened by adversarial review
Partner-facing surfaces have been hardened through extensive adversarial security review.
- The review exercised tenant isolation, scope enforcement, key construction, the edge, the authorizer, and the webhook machinery.
- Do-not-regress constraints from that work are enforced mechanically in the codebase, so the fixes can’t silently erode.
Tamper-evident, not tamper-proof — the chain makes alteration detectable; it does not make the store physically immutable.
The visual hero
The compliance story is something you can see.
The audit History view renders the version timeline of a record: who changed what, when, with sensitive fields redacted in every historical row. The single best answer to “why not a general-purpose backend-as-a-service?”
| Ver | Actor | Change |
|---|---|---|
| v4 | svc.intake-bot | status: in_review → triaged |
| v3 | dr.okafor | risk_note: ••••••••• (redacted) |
| v2 | svc.intake-bot | priority: normal → elevated |
| v1 | dr.okafor | record created · 7 fields |
Proof points
Things you can actually run.
Pick a blueprint, run vectros bootstrap --blueprint <name>, then drive it through an MCP agent or the data-plane UI — zero application code.
Clinical Intake
blueprintStructured intake that validates on the way in and surfaces the most similar prior cases by meaning — compliance-first, on healthcare home turf. Decision support, not decisioning.
Audit History view
visual heroThe version timeline made visible — who changed what, when, with sensitive fields redacted in every historical row.
Coding-Agent Project Memory
blueprintA coding agent that remembers decisions, conventions, and gotchas across sessions — facts, episodic, and semantic memory, with no application code.
Second Brain
blueprintDump every note, idea, and link in one place, then just ask it — the widest, lowest-stakes on-ramp.
The same platform a solo developer starts on
Start lean. Scale to compliance-grade without re-platforming.
Same on-ramp
The isolation, audit, and sensitive-field handling above are reached from the same on-ramp a lean builder uses — one declared data model behind one API, from your own code over the SDK and CLI, or natively by an agent over MCP. The controls are a peak of that surface, not a separate product.
No wall, no re-platform
The cheap tools a team reaches for first wall them the day they land a customer who needs isolation, audit, or a BAA — at which point the price jumps to an enterprise tier, or the auth and database they chose were never eligible. Vectros is the one back-end you grow into compliance on.
That’s also the cost story — architecture, not a billing promise. See the pricing page for the current shape, or the lean on-ramp on the build-fast track.
vs. rolling your own
The back-end is the easy demo and the six-month nightmare.
Standing up a regulated AI back-end yourself means building — and then operating forever:
- Your own database design, search cluster, embedding pipeline, isolation model, key-scoping, and audit trail — all kept compliant.
- A bare vector index gives you similarity search and a bill, but isn’t your source of truth — so you still run a separate database and a sync pipeline beside it.
- Vectros is the layer you don’t operate: the common case is minutes instead of months, and stays minutes, because the operating cost is ours.
Where the boundaries are
The honest caveats.
Being precise is the pitch to this audience. Evaluate these explicitly for a regulated workload.
Audit history is tamper-evident, not tamper-proof.
The chain makes out-of-band alteration detectable; continuous automated verification isn’t part of the shipped surface.
In-perimeter inference is scoped to the partner data plane.
It’s not a whole-platform legal representation. The platform gives you a HIPAA-grade substrate; it doesn’t make your own application HIPAA-grade on its own.
You can fully delete a customer’s data.
Decommissioning a customer or a whole tenant runs a real, irreversible cascade — not a soft-delete flag. One-click erasure of a single person’s data on request (the “right to be forgotten”) isn’t built yet; it’s on the roadmap.
Reviewed, not certified.
We don’t hold a SOC 2 report or a third-party penetration test today — both are on the roadmap, and we don’t represent otherwise.
Some controls aren’t built yet.
Data residency and region-pinning, customer-managed keys, read-access logging, and configurable retention aren’t shipped today. Ask under NDA where each stands.
The agent/MCP surface has no web tools.
No web-search or web-fetch — nothing auto-scrapes, by design. Document upload through the agent is text-inline today, and a developer-portal sign-in is a real human prerequisite.
The evaluation journey
Reach conviction on public material before you ask for access.
This is an invite-only 0.x preview. For this audience, the friction is deliberate.
This page
The compliance story, the boundary, the proof points.
Docs & dev portal
The API / SDK / CLI surface, getting started, the rendered spec.
Public code
The reference apps and SDKs you can actually read.
Blueprints
The runnable proof: pick one, see exactly what it provisions.
Request early access
The gate.
Self-serve and a free tier are on the way as we open access. For now, access is by invitation.