Trust is the architecture

Cross-business leakage is the worst class of bug. So we made it structurally impossible — not just policy. Here's how.

Cross-tenant isolation by design

Every request is scoped by Membership — the actor, not the phone number. The same number can be an Owner at Cafe A and an Employee at Site B; they resolve to two different memberships, two different scopes. An employee at Business B cannot retrieve Business A's procedure even if they know exactly what to ask for.

The agent can't bypass the gateway

Jory's reasoning runtime never touches the database. It can only call a finite, hardened catalog of capabilities — each one tenant-checked, role-checked, scope-checked, and audited. There is no "run any SQL" tool. The gateway is the universe the agent operates in.
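One way to build a gateway like the one described above, as an added example that is not Jory's own code: the agent's only entry point is `invoke`, which resolves a membership, checks the capability against a fixed catalog and the caller's role, and records every outcome. All names (`Membership`, `CATALOG`, `invoke`, `record`), the sample data and the in-memory stores are assumptions made for illustration; only the tenant and role checks are shown.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Membership:
    phone: str
    tenant: str
    role: str  # "owner" or "employee"

# Constructed sample data: one phone number, two memberships, two scopes.
MEMBERSHIPS = {
    "m-owner": Membership("+15550100", "cafe-a", "owner"),
    "m-staff": Membership("+15550100", "site-b", "employee"),
}
PROCEDURES = {("cafe-a", "closing"): "Cafe A closing checklist",
              ("site-b", "lockout"): "Site B lockout steps"}
AUDIT = []  # append-only by convention here: record() is the only writer

def record(m, capability, args, outcome):
    AUDIT.append((datetime.now(timezone.utc).isoformat(), m.tenant, m.role,
                  capability, tuple(sorted(args.items())), outcome))

def get_procedure(m, name):
    # The tenant key comes from the membership, never from the caller's arguments.
    return PROCEDURES.get((m.tenant, name))

def publish_procedure(m, name, text):
    PROCEDURES[(m.tenant, name)] = text
    return name

# The finite catalog: capability name -> (handler, roles allowed to call it).
CATALOG = {
    "get_procedure": (get_procedure, {"owner", "employee"}),
    "publish_procedure": (publish_procedure, {"owner"}),
}

def invoke(membership_id, capability, **args):
    """Single entry point for the agent; every outcome is audited."""
    m = MEMBERSHIPS[membership_id]
    entry = CATALOG.get(capability)
    if entry is None:
        record(m, capability, args, "denied:unknown_capability")
        raise PermissionError(f"no such capability: {capability}")
    handler, roles = entry
    if m.role not in roles:
        record(m, capability, args, "denied:role")
        raise PermissionError(f"{m.role} may not call {capability}")
    result = handler(m, **args)
    record(m, capability, args, "ok" if result is not None else "not_found")
    return result
```

Because no handler accepts a tenant argument, the same phone number acting through its Site B membership gets "not found" for a Cafe A procedure, and a request for a capability outside the catalog is refused and still leaves an audit record.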

Append-only audit, every state change

"Did Maria acknowledge the food-safety policy?" That's answered by an immutable audit event, not by the model. Every capability invocation, every approval, every status update gets a timestamped, tenant-scoped record. Nothing is rewritten — only added.

Employee privacy isn't an afterthought

Jory is a coworker, not surveillance. Employees can always see what's shared back to management and what isn't. When a status update is being collected, it's clearly a manager-facing question — not a private chat dressed up otherwise.

Grounded answers. No improvisation.

If Jory makes up a procedure that doesn't exist in your business memory, an employee could get hurt or violate policy. So employee-facing answers are always grounded in published procedures with a citation back to the source — usually the original video the owner recorded. If there is no matching memory, Jory says so. It does not improvise. Translations of safety-critical content keep the original alongside the translation.

Want the architecture deep-dive?

We're happy to walk you through tenancy isolation, the capability gateway, audit, and our pilot data-handling commitments.