Security & Trust

Your code. Your data. Our posture.

How we handle the model layer, the cloud, the secrets, the audit trail — and an honest list of what we're not certified for yet. Written for procurement teams that want a single page they can hand to security review.

Last updated 2026-05-03 · Living document · Email hello@elegantsoftwaresolutions.com for specific compliance questions.

01

Model isolation: where your work actually runs

We work across all three leading frontier model labs — Anthropic (Claude), OpenAI (Codex / GPT), and Google (Gemini) — and we'll be adding xAI (Grok) once its coding-focused model lands via Cursor. Two surfaces, two postures, both spelled out so procurement teams know what they're getting:

The Transformers — the autonomous Agent OS that runs ESS's own business and any agent fleet we build for you — runs through paid API keys on each lab's developer API. API inputs are not used to train models, contractually:

  • Anthropic API — per Anthropic's Commercial Terms, API inputs and outputs are not used to train Claude models.
  • OpenAI API — per OpenAI's API data usage policy, data submitted via the API is not used to train OpenAI models by default.
  • Google AI API (paid tier) — per Google's generative AI data policies, paid-tier API prompts and responses are not used to train Google models or accessed by humans for model improvement.

Per-environment keys, rotated, never in code. Audit logs on every agent action. Any AOS engagement runs entirely on this API path.

PowerDev — the day-to-day custom software work — uses the labs' paid plans operated under the strictest available data-control settings. If your engagement requires PowerDev to run API-only end-to-end (with the same contractual no-training guarantee that covers the Transformers), say so on the first call and we'll write it into the engagement.

Already have an enterprise agreement with the labs? Even better. We're more than happy to run the entire engagement on your enterprise API keys for Claude, OpenAI, and Google — your contracts, your audit trail, your data-residency choices, your billing. Bring the keys, we'll bring the work.

Specific account, tier, and configuration details are shared under NDA during compliance review — not a public-page conversation.

02

Where your code and data actually live

Per-engagement infrastructure, in your tenant or ours by mutual agreement. We don't have a shared cloud account everyone gets pooled into.

Defaults we use:

  • Cloud: Azure (US regions) for ERP / EDI / enterprise integration work; Vercel + Supabase (US regions) for web work; whatever the engagement requires for AOS deployments.
  • Team: 100% US-based. Atlanta, Georgia. No offshore handoffs.
  • Model API endpoints: US regions on all three lab providers.
  • Data flow: code and data move only between systems we've explicitly approved per engagement. New egress destinations require approval before they're added.

If your industry or jurisdiction requires data to stay in a specific region or tenant, that's part of the engagement scope on day one.

03

Secrets posture

Secrets never live in code, never live in env files committed to git, never live in chat history.

  • 1Password Business via service-account access for the workspace credential store.
  • Per-environment Azure Key Vault on engagements that use Azure (RBAC-managed, accessed via Managed Identity, not access keys). Function apps consume secrets via @Microsoft.KeyVault references, not raw env values.
  • Doppler-managed secrets on engagements that use Vercel + Supabase, synced per environment (dev / staging / prod).
  • Sensitive partner-facing secrets (function host keys, OAuth client secrets, M2M tokens) are regenerated from the source of truth (Azure / Auth0 / 1Password) on demand. They're never copied into committed documentation, and they're scrubbed from any handoff packets.
  • Backups of secret material live in encrypted vaults with the same access posture as the live secrets.

This isn't a theoretical posture. Read the case studies — every shipped engagement uses this approach.
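One way to verify the "Key Vault references, not raw env values" rule above against an exported app-settings list (an added example, not ESS's own tooling). It assumes input in the name/value shape that `az functionapp config appsettings list` emits; the setting names, vault names and the secret-name heuristic are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# The @Microsoft.KeyVault(...) wrapper used by App Service / Functions app settings.
KV_REF = re.compile(r"^@Microsoft\.KeyVault\((?P<body>.+)\)$")
# Assumption: setting names matching this pattern are expected to hold secrets.
SECRET_NAME = re.compile(r"(KEY|SECRET|TOKEN|PASSWORD|CONNECTIONSTRING)", re.I)

def parse_reference(value):
    """Return (vault, secret) for a well-formed reference, else None."""
    m = KV_REF.match(value.strip())
    if not m:
        return None
    fields = dict(p.split("=", 1) for p in m.group("body").split(";") if "=" in p)
    if "SecretUri" in fields:
        u = urlparse(fields["SecretUri"])
        parts = [p for p in u.path.split("/") if p]
        if u.scheme != "https" or not u.hostname or len(parts) < 2 or parts[0] != "secrets":
            return None
        return u.hostname.split(".")[0], parts[1]
    if fields.get("VaultName") and fields.get("SecretName"):
        return fields["VaultName"], fields["SecretName"]
    return None

def audit_settings(settings, allowed_vaults):
    """Flag raw secrets, malformed references and references to unapproved vaults."""
    findings = []
    for s in settings:
        name, value = s["name"], (s.get("value") or "").strip()
        ref = parse_reference(value)
        if value.startswith("@Microsoft.KeyVault") and ref is None:
            findings.append((name, "malformed Key Vault reference"))
        elif ref and ref[0] not in allowed_vaults:
            findings.append((name, f"references unapproved vault {ref[0]}"))
        elif ref is None and SECRET_NAME.search(name) and value:
            findings.append((name, "raw value in secret-like setting"))
    return findings

# Constructed sample export; none of these names or values come from a real engagement.
SAMPLE = [
    {"name": "PARTNER_API_KEY", "value": "@Microsoft.KeyVault(SecretUri=https://kv-example-dev.vault.azure.net/secrets/partner-api-key/)"},
    {"name": "OAUTH_CLIENT_SECRET", "value": "@Microsoft.KeyVault(VaultName=kv-example-dev;SecretName=oauth-client-secret)"},
    {"name": "M2M_TOKEN", "value": "constructed-raw-value"},
    {"name": "STORAGE_KEY", "value": "@Microsoft.KeyVault(VaultName=kv-other;SecretName=storage-key)"},
    {"name": "FUNCTIONS_WORKER_RUNTIME", "value": "python"},
]

if __name__ == "__main__":
    for name, problem in audit_settings(SAMPLE, {"kv-example-dev"}):
        print(f"{name}: {problem}")
```

Run per environment with that environment's own vault in `allowed_vaults`, so a staging setting that points at a production vault is flagged as well.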

04

Audit and review

Every change is reviewed before merge. Cross-model adversarial review on the engineering work — one model writes, another reviews, blind spots cancel out. The five-agent PR gate (security review, QA, DevOps, docs, paired senior dev review) runs on every change in the autonomous pipeline.

Production-touching agents log every action they take. The sales-quote agent logs the input and the generated quote. The autonomous bug-fix pipeline logs every model decision and writes the postmortem to Confluence with the regression test that prevents recurrence. The knowledge graph captures every fix as a permanent learning so we don't ship the same bug twice.

If you need an audit trail of what the agents did during an engagement, it exists by design.

05

What we're not — yet

We're a small company. The list below is what we do NOT have, stated honestly so you don't waste a call on it:

  • Not SOC 2 certified. Engineering posture is enterprise-grade, but the audit isn't done. If your procurement requires a SOC 2 report, that's a real conversation, not a checkbox we'll claim.
  • Not HIPAA-certified. We've shipped systems for regulated environments, but if PHI handling is core to your workload, scope and BAAs need to be discussed.
  • Not ISO 27001 certified.
  • Not FedRAMP authorized.
  • Not on enterprise-tier contracts with the LLM labs ourselves yet — but if you have one, we'll run on your keys. The autonomous Transformers fleet always runs on paid API keys with the contractual no-training guarantee. API-only PowerDev is available on request.
  • Not a managed-cloud provider — we build software, we don't run a hosted SaaS platform.

If any of these are hard requirements for your buyer, tell us before we sign anything. We'll either scope around them, partner with someone who has them, or be honest that we're not the right fit.

Have a specific compliance requirement?

Tell us up front. If your buyer or your procurement team needs SOC 2 / HIPAA / ISO / FedRAMP / data-residency in a specific region / a specific BAA — bring it to the first call. We'll give you a straight answer about whether we can scope around it, partner with a vendor who has it, or whether ESS isn't the right fit. We'd rather lose the deal honestly than win it on a fudge.
