Security & trust

Your data never leaves.
You make every call.

Mysa reads claims and recommends liability decisions — so where it runs and what it is allowed to do matters as much as the call itself. It sits inside your own cloud or data centre, it only ever recommends, and every decision it touches is logged to the rule and evidence behind it. All of it stays yours.

Safeguards

What keeps the decision yours.

Not lines in a contract — each one shows up in the case your adjuster actually opens.

You decide, always

Mysa recommends with the evidence and a confidence score. Your adjuster accepts, edits or overrides it — Mysa never commits a decision on its own.

Auditable by decision

Every decision carries its trail: which rule fired, at what confidence, confirmed by whom. Ready for a dispute, an audit, or GDPR Article 22.

Your models, your graph

Model-agnostic, no lock-in, no training on your data. The decision graph you build stays yours — an asset you own on your own balance sheet.

Enterprise security

Encrypted in transit and at rest. SSO / SAML through your own identity provider, with role-based access down to the field.

Access control

Permissions scoped by workspace, project and user. Your people see the claims they are cleared for, and nothing else.

Privacy by default

Personal data is masked before a model ever sees it, and Mysa never touches health data. We hold only what a decision needs, and no more.

Where it runs

It runs where you already do.

Two ways to deploy Mysa — both sovereign, both fully in your control.

01

In your cloud (VPC)

Mysa deploys into your own cloud account and never leaves it. You keep the keys, the region and the audit trail.

  • Deploys to AWS, GCP or Azure — whichever you already run
  • Pinned to your region, inside your own account and VPC
  • SSO / SAML through your identity provider, role-based access
  • No claim ever leaves your tenant to a third party
Book a deployment call
02

On-premise

For the strictest environments, Mysa runs entirely behind your own perimeter — no cloud, no exceptions.

  • Runs on your own hardware, in your own data centre
  • Fully air-gapped — no internet connection required
  • Zero outbound calls; models and data stay behind your firewall
  • Model-agnostic — bring your own LLMs and swap them anytime
Talk to us
The full security postureSubprocessors, DPA, encryption, residency and the decision audit trail — all in one place, ready for your security review.
Request the security pack

Common questions

Where does Mysa run, and where does our data live?

In your environment — your cloud, on-prem, or your own VPC. Mysa is sovereign by design, so your claims data stays yours and never has to leave your infrastructure to be processed.

Does Mysa make automated decisions about people?

No. The final call is always your team’s. Mysa hands the adjuster a decision-ready case and a human decides, which is what regimes like GDPR Article 22 require for decisions that affect claimants. Human in the loop

Is there an audit trail for decisions?

Yes. Every decision is logged to its source — the rule it rests on and the facts behind it — so you have a defensible record built for disputes, regulators, and GDPR Article 22. Claims audit trail

What access controls and authentication does Mysa support?

Encryption in transit and at rest, SSO/SAML, and role-based access control, so the right people see the right claims and every action is attributable.