Security Architecture
Sovereign AI means your security posture is yours. This document covers the Olympus-Grid architecture, identity model, data handling, compliance posture, and trust framework for CISOs, CIOs, and security architects.
Architecture & Sovereignty
What does "sovereign AI" mean?
Sovereign AI means your data, your models, your infrastructure. Olympus-Grid is designed so no data leaves your sovereign perimeter without explicit configuration. The grid runs on your Salesforce org, your AWS account, or your own physical hardware. No shared compute, no shared storage, no shared identity.
How is Olympus-Grid deployed?
Three deployment models: (1) Salesforce managed package + AWS Fargate Pantheon container fleet, (2) Hybrid cloud with your existing AWS infrastructure, (3) Fully off-grid on a fleet of Mac Minis or Raspberry Pi 5 nodes. All three models use the same Olympus-616 agent mesh. Azure and GCP (Google Cloud Platform) deployments are available upon request.
Who has access to my data?
Nobody but you. Identity, conversations, memory, and ledger records live in your Salesforce org and your AWS account — never on shared infrastructure. Olympus-616 is the managed agent configuration operated by CloudPremise LLC under enterprise-grade controls: SOC 2 Type II certification in progress, annual penetration testing, encryption at rest and in transit, and zero standing access to customer data. We operate the software layer. You own the data layer. The two never cross without your explicit consent.
Identity & Authentication
How does authentication work?
Olympus-Grid supports Apple Sign In (SIWA), email magic-link, and enterprise SSO. All authentication tokens are stored in httpOnly __Host-* cookies — never in localStorage or sessionStorage. Tokens are never logged or transmitted outside your sovereign perimeter.
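A reviewer can check the cookie claim from captured response headers. The following is an added example, not Olympus-Grid code: it audits a Set-Cookie header against the browser rules for the __Host- prefix (Secure, Path=/, no Domain) plus HttpOnly. The cookie names and values in the comments are constructed samples.

```javascript
// Added example: audit a Set-Cookie header for a token cookie.
// Constructed sample input: '__Host-session=abc123; Path=/; Secure; HttpOnly'
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // no name=value pair, not a usable cookie
  const attrs = new Map();
  for (const a of rest) {
    if (!a) continue;
    const i = a.indexOf('=');
    // Attribute names are case-insensitive; flag attributes have no value.
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    attrs.set(key, i === -1 ? true : a.slice(i + 1));
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

function auditTokenCookie(header) {
  const c = parseSetCookie(header);
  if (!c) return ['unparseable Set-Cookie header'];
  const problems = [];
  if (!c.name.startsWith('__Host-')) problems.push('name lacks __Host- prefix');
  // Browsers reject a __Host- cookie unless all three of these hold.
  if (!c.attrs.has('secure')) problems.push('missing Secure');
  if (c.attrs.get('path') !== '/') problems.push('Path must be /');
  if (c.attrs.has('domain')) problems.push('Domain must not be set');
  // HttpOnly keeps the token out of reach of page scripts.
  if (!c.attrs.has('httponly')) problems.push('missing HttpOnly');
  return problems;
}
```

An empty result means the header meets all of the checks; each string in a non-empty result names one failed requirement.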
What is Identity__c?
Identity__c is the canonical Salesforce SObject that anchors every user in the grid. Email, Apple Subject ID, OAuth tokens, and all linked identities are stored on a single Identity__c record per user. There is no external identity database — Salesforce is the source of truth.
How does Cosmos-Logos handle agent identity?
Cosmos-Logos uses Ed25519 signing and X25519 key exchange for sealed-envelope inter-agent communication. Every agent call is signed. Every response is verified. There is no unauthenticated agent-to-agent communication on the grid.
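To show how Ed25519 signing and X25519 key exchange combine into a sealed, signed envelope, here is an added example using Node's built-in crypto module. It is not the Cosmos-Logos implementation: the envelope layout, the HKDF context label, and the choice of AES-256-GCM are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const INFO = 'example-envelope-v1'; // assumed context label, not from the page
const spki = (key) => key.export({ type: 'spki', format: 'der' });

// Derive the AES-256-GCM key from the X25519 shared secret, salted with the ephemeral key.
function deriveKey(privateKey, publicKey, epkDer) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, epkDer, INFO, 32));
}

function sealEnvelope(plaintext, senderSignKey, recipientPub) {
  const eph = nodeCrypto.generateKeyPairSync('x25519'); // fresh key per message
  const epk = spki(eph.publicKey);
  const iv = nodeCrypto.randomBytes(12);
  const key = deriveKey(eph.privateKey, recipientPub, epk);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  // Bind the sender's identity into the ciphertext so nobody else can re-sign it as theirs.
  cipher.setAAD(spki(nodeCrypto.createPublicKey(senderSignKey)));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag();
  // Ed25519 signature over every field the recipient will consume.
  const sig = nodeCrypto.sign(null, Buffer.concat([epk, iv, ct, tag]), senderSignKey);
  return { epk, iv, ct, tag, sig };
}

function openEnvelope(env, senderVerifyKey, recipientPriv) {
  const signed = Buffer.concat([env.epk, env.iv, env.ct, env.tag]);
  // Verify before any decryption work; unsigned or altered envelopes stop here.
  if (!nodeCrypto.verify(null, signed, senderVerifyKey, env.sig)) {
    throw new Error('signature verification failed');
  }
  const epkObj = nodeCrypto.createPublicKey({ key: env.epk, format: 'der', type: 'spki' });
  const key = deriveKey(recipientPriv, epkObj, env.epk);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, env.iv);
  decipher.setAAD(spki(senderVerifyKey));
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ct), decipher.final()]);
}
```

The recipient must obtain the sender's Ed25519 public key through a channel it already trusts; a key taken from the envelope itself would authenticate nothing.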
Data & Privacy
Where is conversation data stored?
Conversation history is stored in Mnemosyne — the sovereign memory layer. In the default configuration, conversations are stored as files on your sovereign node, indexed in Salesforce Conversation__c records. You can configure alternative storage backends via Proteus.
Is my data used to train models?
No. Olympus-Grid does not use your data to train any model. LLM calls are routed via Athena to your configured provider (OpenAI, Anthropic, Gemini, Grok, or your local Ollama instance). Your data flows to your chosen provider under your own API key. CloudPremise has no visibility into these calls.
What data does CloudPremise collect?
CloudPremise collects billing data (via Stripe), product usage telemetry (shell metering events via Plutus), and support communications. We do not collect conversation content, uploaded files, or agent outputs. The LedgerEntry__c audit trail lives in your Salesforce org.
Compliance & Certifications
What compliance frameworks does Olympus-Grid support?
Olympus-Grid is designed for deployment in regulated industries. The Salesforce-backed architecture inherits Salesforce's SOC 2 Type II, ISO 27001, HIPAA BAA, GDPR, and CCPA compliance postures. Off-grid deployments require customer-managed compliance controls.
Is Olympus-Grid HIPAA-compliant?
Olympus-Grid can be deployed in a HIPAA-aligned configuration using on-premises Ollama LLM routing (no PHI leaves your perimeter) and Salesforce as the data store (BAA available from Salesforce). CloudPremise can execute a BAA for grid operations. Contact us for enterprise compliance discussions.
What is the AppExchange security review status?
The Olympus-Grid managed package is listed on the Salesforce AppExchange. Salesforce AppExchange packages undergo security review by Salesforce's security team before listing. See the AppExchange listing for current certification status.
LLM & AI Safety
Which LLMs does Olympus-Grid support?
Athena routes to any configured LLM provider: OpenAI (GPT-4o, o1), Anthropic (Claude), Google (Gemini), xAI (Grok), and local Ollama models. You configure your own API keys. CloudPremise never holds your LLM provider credentials.
How is shell balance enforced?
Shell balance is enforced server-side by Ares before any chat request is forwarded to Athena. Client-side balance checks are supplementary. Ares validates balance against Plutus on every request — a depleted balance cannot be bypassed by modifying client state.
What happens if the grid goes offline?
Olympus-Grid is designed for graceful degradation. The off-grid Turtle Cave fleet operates independently of cloud connectivity. Athena fails gracefully with a user-facing error when all configured LLM providers are unreachable. No data is lost during outages.
For security disclosures, enterprise compliance discussions, or to report a vulnerability, contact security@olympus-grid.com. Olympus-Grid is provided as-is under the AGPL license for open-source components. Enterprise licensing is available.