Client data will be used solely to generate agreed-upon IND submission content (such as Modules 2 and 3) in accordance with the defined scope of work between Dark Horse Consulting and the client. Your data is never used to train large language models or shared beyond your engagement, and it remains protected and confidential at all times.

CentaurAI is a secure platform that operates within DHC’s private AWS environment, using industry-standard security controls—network isolation, encryption, and access management—to ensure all data remains confidential and protected throughout storage and processing.

Every user works in private project spaces. Other users cannot see these projects unless access is explicitly granted by the client. Permissions are fully controlled by the project owner, ensuring visibility is always intentional and limited to authorized collaborators.

AI features are powered by Amazon Bedrock and run entirely within DHC’s AWS environment. Prompts and outputs remain within the region, are encrypted, and are never shared with model providers. No data is retained by Bedrock or used for model training.

No. DHC guarantees that no data submitted through the platform is used to train, fine-tune, or improve foundation models.

CentaurAI uses Claude Sonnet as the default model, with the option to use other models supported through AWS Bedrock when appropriate.

Yes. Data is encrypted at rest using AWS KMS keys and in transit using TLS 1.2 or higher. These encryption layers protect data both when stored and when transmitted between components.

AWS complies with major global certifications, including SOC 1/2/3, ISO 27001/27017/27018, HIPAA eligibility, FedRAMP, and GDPR alignment. These frameworks validate the security and operational controls that underpin CentaurAI. Amazon Bedrock inherits AWS’s full compliance portfolio, including SOC, ISO 27001-family standards, HIPAA eligibility, FedRAMP (GovCloud), and GDPR alignment.

All AI interactions are encrypted in transit using TLS 1.2+ and encrypted at rest through AWS KMS. This applies to prompts, responses, and supporting infrastructure.

The platform follows key principles: strict access control, isolated environments, comprehensive encryption, no use of customer data for AI training, and operation exclusively within DHC’s secure AWS infrastructure. These principles support confidentiality, integrity, and compliance.

No. All AI requests are handled through private VPC endpoints inside DHC’s AWS environment. Data remains within the selected AWS region and does not traverse public networks.

Logins are protected through AWS Cognito with mandatory multi-factor authentication. Each session requires both a password and a second verification step, significantly reducing the risk of unauthorized access.

All data is stored within AWS services inside DHC’s dedicated account. Structured information uses Amazon RDS, files are stored in Amazon S3, and search data is managed through Amazon OpenSearch. These services run in private networks with no public database access.

No. Inputs and outputs are not shared with model providers such as Anthropic or Mistral. Bedrock is designed so customer data is never visible to or retained by model vendors.

In compliance with CCPA and GDPR, clients can request the permanent deletion of their project data at any time. Upon a verified request, DHC will purge all files from AWS. Before data deletion, clients may request an export of all uploaded documents and AI-generated drafts in standard formats (e.g., PDF, .docx).

Clients have the right to opt-out of AI-assisted drafting at any stage. If opted out, the CentaurAI platform will be restricted for your project, and all work will be conducted through traditional manual consulting methods.

No. CentaurAI is a drafting assistant. Every output undergoes a Human-in-the-Loop review where a DHC subject matter expert validates technical accuracy, checks for hallucinations, and ensures the content meets our professional standards before it is shared with a client.

The platform is designed for transparency. Our consultants use the integrated search data (Amazon OpenSearch) to trace every AI-generated claim back to the source documents provided in your project space. While CentaurAI accelerates the drafting of documentation and regulatory filings, Dark Horse Consulting remains the accountable author. No AI-generated text is delivered to a client or regulatory agency without comprehensive human oversight.

Detection & Isolation: Our team uses AWS-native monitoring tools to immediately isolate affected project spaces and prevent further unauthorized access.

Notification: We commit to notifying affected clients within 72 hours of confirming a data breach, providing details on the nature of the data involved to support your own CCPA/GDPR compliance requirements.

Remediation: We will conduct a full root-cause analysis and provide a detailed report to the client, ensuring all vulnerabilities are patched and data integrity is restored before project work resumes.