The Policy Compilation Engine · for every company
Describe your organization.
Compile how its data is accessed.
You define the rules of your organization in plain language. The processor compiles them into a live access model — computed per request, for people, applications, and AI. We see the logic, never the data.
AI can suggest. Only the compiler decides.
New company
Start clean.
No legacy roles, no permission debt. Answer a short questionnaire and your access model is born correct — deny-by-default, AI-aware, audit-ready from day one. The way governance should have started.
Existing company
Compile what you already have.
Point the processor at your data. It discovers, classifies, and proposes a policy graph you review and approve. No rip-and-replace — the processor runs alongside what you have and absorbs the access layer over time.
Every company can run the processor — there is no minimum size and no rebuild required.
how it is built
One engine. Three layers. One source of truth.
The boundary between human judgment and machine automation is the architecture — and it is what makes the model safe in the AI era.
Control Surface🟢 you · interface only
You describe the business: departments, information types, sensitivity levels, who approves what, and how AI may use data. These are business decisions — they stay with you.
↓ answers, edits, explicit approvals
Intelligence Layer🟣 AI · non-authoritative
AI suggests structure, auto-classifies, and explains risk in plain language. Every output is a proposal — it reaches the core only through human approval. It never writes policy by itself.
↓ only human-approved intent crosses this line
Deterministic Core🔵 the processor · no AI, ever
The Compiler turns approved intent into a policy graph, the Runtime enforces it in real time (deny-by-default), and every decision becomes a signed receipt. Same input ⇒ identical output. No guessing.
the questionnaire · 12 questions
You answer 12 questions in your own words.
Grouped in three rings. The first five are all it takes to get a working access model — the rest unfold only if you need them. Pick a template and most answers are filled in for you; you just edit.
Ring 1 · The essentials≈3 min · required
Q1What does your organization do? · one sentence + template
Q2Departments & teams · e.g. Finance, R&D, Sales
Q3Types of information you hold · HR · Finance · Customer · Legal
Q4Sensitivity levels · public → internal → confidential → restricted
Q5Who is the subject of the sensitive data? · customer / patient / employee
Ring 2 · Access rules≈3 min · the core
Q6Who sees what · the access matrix · everything starts closed
Q7What needs approval, and who approves? · e.g. wire > CFO
Q8External parties that touch data · vendor · regulator · partner
Ring 3 · Governance & AI≈2 min · unfolds if needed
Q9AI policy per information type · safe / summary-only / blocked
Q10When is access revoked? · offboarding · contract end · consent
Q11Geographic / regulatory split? · IL · EU · US
Q12Regulator-disclosable fields · optional
the flow
From a blank page to a live model.
01
Answer the questionnaire
you 🟢
02
AI proposes a structure
ai 🟣
03
You approve / edit
you 🟢
04
Compiler builds the graph
core 🔵
05
Runtime enforces live
core 🔵
06
Simulation verifies
core 🔵
The only path from AI to enforcement runs through a human and through the compiler. There is no back door.
the cost of the old model
~98%
permissions never used
of granted cloud entitlements sit idle
38%
accounts dormant
a third of identities are inactive
96%
still manual
orgs run core IAM by hand
Enterprises spend billions managing identities — yet most permissions go unused, many accounts are inactive, and most of the work is still done by hand.
cloud-permissions (CIEM) research · Veza Identity & Access Report · IDSA survey of ~600 IT & security pros
why a new category
Identity systems scale complexity.
Data systems scale policy.
Classic IAM grows roles, groups, and exceptions faster than the organization itself. A policy graph grows with your data — not with your users.
Identity-based security
- scales with users
- requires roles, groups, exceptions
- 1 org change → 10–100 permission edits
- breaks under AI-driven access
Data-based security
- scales with information
- compiles policy deterministically
- 1 policy change → re-compile the graph
- works natively with AI agents
IAM systems manage people. We compile how data is accessed.
ניהול משתמשים מייצר מורכבות · ניהול מידע מייצר סקייל
the engine that makes it all possible
It all runs inside the Capsule.
The Capsule is the processor — installed on your side, running locally. It is the one thing you install; everything else is a policy you compile onto it. Your data and your keys never leave. We compute access to information — without access to the information itself.
💠 Installed Capsule · runs locally🔒 Local · offline · zero-knowledge🔑 Your keys, never ours📜 Signed receipt for every access🧩 Install once · compile policies forever