
Phronesis Executive Intelligence
How Phronesis protects your data. Last updated June 2026.
Phronesis was engineered for principals who cannot afford a leak. The standard below is not aspirational. It is in production across an executive workspace, a public safety intelligence system in active government use, and a judicial intelligence system built for appellate practice.
Phronesis runs entirely in the United States. The application is hosted on Vercel. The database and all uploaded files are stored in Supabase, which runs on Amazon Web Services in the United States. The exact hosting region is available under NDA in the gated Trust Center materials.
Traffic is encrypted in transit with TLS 1.2 or higher. Data is encrypted at rest with AES 256 at the database and storage layer.
The platform is multi tenant with row level security on every table that holds user data, scoped to the account. Every API route verifies the authenticated session and scopes each read, write, and delete to that verified account, so no account can reach another account's data by changing a value in a request. This isolation is enforced at the engine level and has been verified across the platform.
Administrator and standard roles are separated. Access is authenticated on every request. API keys are stored as hashes. Key rotation carries a grace period. Per key rate limiting and optional IP allowlisting are available. Every request is logged with its timestamp, model tier, token count, and cost.
All reasoning runs through the Phronesis Intelligence API, the proprietary engine built by Aeternum Systems. Customer inputs and outputs are never used to train any model. The underlying inference operates under commercial terms that contractually prohibit training on customer data.
The database is backed up automatically every day.
Phronesis is currently available to individuals only. The platform and the Phronesis Intelligence API are not licensed to organizations at this time, including firms, companies, and hospitals. HIPAA and additional security and compliance models are planned for Phase 2. Until the corresponding certification is in place, Phronesis is not offered for organizational deployment.
SOC 2 and ISO 42001 are on the near term roadmap. The underlying cloud providers maintain their own SOC 2 and related certifications for the infrastructure layer.
Users are instructed not to upload regulated data, in particular protected health information, until the corresponding certification is in place.
Phronesis relies on Supabase for database and file storage, hosted in the United States on Amazon Web Services, and on Vercel for application hosting in the United States. The complete subprocessor list, including the AI inference provider, is available under NDA through the gated Trust Center materials.
Phronesis is hosted in the United States and intended for United States based users at launch. Account and conversation data is retained while the account is active and is removed within 30 days of account cancellation. Uploaded files are retained while the account is active and are deleted on request. Request and usage logs are retained for 90 days. A GDPR compliant offering is part of the Phase 2 roadmap. Phronesis is not currently offered to users in the European Union or the United Kingdom.
For NDA gated materials, the complete subprocessor list, the exact hosting region, or any security review question, contact cjm@aeternumsystems.com.